Behind the curtain - Digital Threat Digest
PGI’s Digital Investigations Team brings you the Digital Threat Digest, SOCMINT and OSINT insights into disinformation, influence operations, and online harms.
On 8 August, Ohio voters rejected a Republican-backed referendum ballot known as Issue 1. Had it passed it would have changed the Ohio State Constitution to require 60% approval for any constitutional amendment, as opposed to a simple majority.
During the campaigning process, local residents received an eight-page edition of a newspaper, the ‘Buckeye Reporter’. This seemingly harmless paper was filled with supportive quotes from Republican politicians related to Issue 1 and framed those opposing the ballot as ‘communists’ and ‘LGBTQ+’. The paper also falsely claimed that a local opposition group to the ballot, Red Wine and Blue, wanted critical race theory to be taught in schools. The Buckeye Reporter is part of an extensive web of 1,300 local online news outlets operated by one company, Metric Media, known for producing misleading content with a conservative bias.
In the online sphere, a local group in support of Issue 1, Protect Our Constitution, paid for social media advertisements which amplified the Buckeye Reporter and other Metric Media outlets. During the 2022 midterms, Jim Renacci, a failed candidate for Governor of Ohio, used the online version of the ‘Buckeye Reporter’ to bolster his achievements and candidacy.
Online influence operations often leave digital breadcrumbs that OSINT investigators can follow to determine who is running the operation. In this case, Metric Media has helpfully listed all of the local media outlets it runs on its website. However, the motives and infrastructure of the physical campaign will not be as clear to the ordinary citizen who receives this information in their physical mail. The increasing use of physical forms of influence, such as these deceptive ‘local’ newspapers, makes campaigns harder to track and measure. We cannot see how many ‘interactions’ their posts are getting, who is sharing this information and who is parroting it to their social networks in real life.
The increased use of physical material to deceive, as part of a wider online infrastructure, suggests that these hybrid campaigns could be utilised more in future local campaigns. In preparation for 2024, it is important not to forget the local happenings, ballots and by-elections that might inform threat actors and behaviours going forward.
More about Protection Group International's Digital Investigations
Our Digital Investigations Analysts combine modern exploitative technology with deep human analytical expertise that covers the social media platforms themselves and the behaviours and the intents of those who use them. Our experienced analyst team have a deep understanding of how various threat groups use social media and follow a three-pronged approach focused on content, behaviour and infrastructure to assess and substantiate threat landscapes.
Disclaimer: Protection Group International does not endorse any of the linked content.
Over the years, we have developed a range of content with the aim of educating organisations on cyber security threats and helping them defend their assets and reputation, so for us every month is Cyber Security Awareness Month.
On 26 September, Semafor published a lengthy article written by Jay Solomon claiming that a series of Iranian-American analysts and advisors to the Biden administration had been compromised as part of a long-running Iranian influence operation.
These days, there seems to be a variety of digital technologies on the horizon that are poised to disrupt the way we live our everyday lives.