QUICKLOOK: Chinese Information Operations
Video Summary: Che Chang & Silvia Yeh
Analyzing Chinese Information Operations: Insights and Findings using Threat Intelligence
Introduction:
Information operations have become a significant concern for democratic countries, particularly after the Russian interference in the 2016 US election. Authoritarian regimes like China and Russia have been accused of using social media to influence election results and polarize democratic societies. In this regard, analyzing China's information operations using threat intelligence has become increasingly important. This article will discuss the insights and findings on Chinese information operations obtained through analyzing the Chinese-speaking social media landscape.
Analyzing Chinese Information Operations:
The rise of information operations has prompted the Taiwanese cyber security company TNT5 to analyze the Chinese-speaking social media landscape. TNT5 is a Taiwan-based company that focuses on helping clients solve advanced persistent threats (APT). They provide technical, operational, and strategic intelligence reports and on-demand reports. Their two main products are Stress Sona and Cell Vision, which have been adopted by many government units, research institutes, and big corporations.
The company's cyber threat analysts, Chai Chang and Sylvia, have been actively involved in researching information operations and the Chinese-speaking underground market. They have also been invited to speak at various security conferences, such as the virtual training workshop held by the Taiwanese government, VGCDF, and Cold Blue 2020.
To understand China's tactics and procedures in information operations, TNT5 uses the diamond model of intrusion analysis. This model is used to track, identify, and analyze involved campaigns in various events.
Features of China's Information Operations within the Great Firewall:
One of the features of China's information operations within the Great Firewall is the public opinion guidance industry. This industry involves the censorship of sensitive content and the visualization of the content on a dashboard. The Army Dog Junction is a public opinion guidance company that claims to use big data and artificial intelligence to filter out sensitive content. It helps local authorities control the online narrative and set up tests for their trolling enemies.
Another feature of China's information operations within the Great Firewall is the mobilization of patriotic natives. This mobilization involves a group of individuals that include the 50 cent party, the little pink, and the trolling enemy. These groups help spread disinformation, hate speech, and nationalism. The mobilization of patriotic natives was evident in the 2019 Hong Kong protests where they used the hashtag campaign "I dare you to pull off your masks" to implant nationalism and patriotism.
Activities Beyond the Great Firewall:
China's propaganda machine has expanded beyond the Great Firewall, with its activities evident on foreign social media platforms like Facebook, Twitter, and YouTube. The Chinese state media outlets, including the Global Times, People's Daily, and China Central Television, have become the most-followed media outlets on Facebook. Reports suggest that Chinese media outlets have hired digital marketing firms to boost their likes and followers.
Fake accounts and content have been used to amplify the Chinese state media content and conspiracy theories. These accounts have simultaneous posts that are identical and copied from the Chinese state media or social media. Although social media giants like Facebook and Twitter have removed hundreds of thousands of fake accounts linked to China, a considerable number of accounts continue to boost the narrative of the Chinese government across social media platforms.
China's activities beyond the Great Firewall are not limited to social media. TNT5 has investigated China's information operations against Taiwan, including a campaign on PTT, a popular Reddit-like forum. The campaign aimed to discredit Taiwan's intelligence agency and military unit in a bid to sow distrust and chaos in Taiwanese society. The investigation found that the actors had control over 20 Taiwanese IPs and 50 PTT accounts in this campaign.
Conclusion:
Beyond the Great Firewall, China is expanding its propaganda machine on foreign social media platforms such as Facebook, Twitter, and YouTube. The use of fake accounts, copycat content, and digital marketing firms has been observed, making it important for social media giants to remain vigilant in removing fake accounts linked to China.
The investigation of Chinese information operations against Taiwan has also highlighted the need for threat intelligence analysis in identifying and mitigating cyber threats. The use of Juker, a messaging app developed by Taiwan's research institute, and Operation Jupiter on PTT, a popular Reddit-like forum in Taiwan, has revealed the extent of China's influence and propaganda on Taiwanese society.
Overall, the presentation on analyzing Chinese information operations with threat intelligence has provided valuable insights into identifying and mitigating cyber threats in today's digital age. By understanding the tactics and procedures of these campaigns, cyber threat researchers can effectively track and analyze disinformation campaigns and their actors, and take the necessary measures to mitigate cyber threats.