Playing by the rules - Digital Threat Digest

The most serious argument I’ve ever had with a very good friend came when they challenged me to a game of Crash Team Racing, a spinoff from the Crash Bandicoot universe in which you race characters in go-karts. The default controls on PlayStation have accelerate as X; something only a psychopath experiencing their first day with opposable thumbs would be happy to use. The game has an alternative control scheme which remaps accelerate to the right trigger. I used the alternative controls, won, and was immediately (with genuine fury) accused of cheating.

For me, gaining a competitive advantage isn’t a binary thing, it’s a spectrum. I could have pulled out the power cable if I was losing. I could have used a Flipper Zero to turn off the TV mid-race when I was on a straight. I could have thrown ice cubes from my Aperol Spritz at my friend. Had I done any of those, I’d have been happy to be accused of cheating. But anything less than that, if we’re in competition, I’m gonna do it.

Now, to bring some digital threat relevance to my humble yet insurmountable Crash Team Racing supremacy, I want to explore how we force ourselves to play without a competitive advantage when it comes to countering hostile threats online.

On the balance between reactivity and proactivity, 98% of work in this space is reactive. The focus on downstream content, on identifying IO campaigns once they’ve already been launched and embedded is, by nature, reactive. We abandon the competitive benefit of first mover advantage because proactive hunting is really hard to do. And because we convince ourselves that researching an election before it happens is true proactive threat hunting.

Getting proactive requires getting upstream – getting into the command and control infrastructure of a threat actor. But make sure you abide by GDPR, RIPA, the OSB, Ant & Dec, and the FTSE100 when doing so. Because that’s clearly what the threat actors are doing, as they scrape the entirety of the Irish social media space to reverse engineer the perfect inflammatory anti-migrant rhetoric.

Reverse engineering brings true competitive advantage. It gets you on the offensive rather than the defensive. It gets you proactive. So why don’t we stop treating the symptoms and start treating the cause. The assets of an IO are symptoms. The cause is the threat actor behind the screen. So why don’t we doxx the doxxers? Mass report the mass reporters? Psychologically mess with those so intent on running IOs in our information space?

As long as we refuse to change the default arbitrary settings of the game, we’re not going to win against someone prepared to burn the house down to avoid a loss.

More about Protection Group International's Digital Investigations

Our Digital Investigations Analysts combine modern exploitative technology with deep human analytical expertise that covers the social media platforms themselves and the behaviours and the intents of those who use them. Our experienced analyst team have a deep understanding of how various threat groups use social media and follow a three-pronged approach focused on content, behaviour and infrastructure to assess and substantiate threat landscapes.

Disclaimer: Protection Group International does not endorse any of the linked content.