Introduction

Introduction

Introduction

In October 2020, 59% of the world’s population were active internet users. In North America and Northern Europe, 95% of the population use the internet (Clement, 2020). With the ever-increasing use of cyber activity and user-generated content, people regularly face the question “Is this real?” The notion of “fake news,” popularized by the 2016 U.S. presidential campaign, has become an overarching concept for how facts and information are gathered from online sources (Egelhofer & Lecheler, 2019) and is used to misrepresent false material and false sources as credible. In addition to false misrepresentations, the rising use of phishing and other cybercrimes aimed at the general public, organizations, and governments have brought the concept of online credibility into current public discourse.

The escalating use of technology to conduct malicious activities by foreign intelligence services, state-sponsored actors, and criminal actors raises grave concerns about online credibility. One of the most recent examples of mass malicious cyber activities targeting the public occurred during the 2016 U.S. election. The report of the U.S. investigation cited: “The Internet Research Agency [IRA] carried out the earliest Russian interference operations identified by the investigation…..The IRA later carried used social media accounts and interest groups to sow discord in the U.S. political system through what it termed ‘information warfare”. The campaign evolved from a generalized program designed in 2014 and 2015 to undermine the U.S. electoral system, to a targeted operation that by early 2016 favored candidate Trump and disparaged candidate Clinton. The IRA’s operation also included the purchase of political advertisements on social media in the names of U.S. persons and entities, as well as the staging of political rallies inside the United States” (Mueller, Helderman, & Zapotosky, 2019, p. 4).

Using tried and tested techniques of developing credible personas, the state-sponsored campaign leveraged the credibility of real Americans through the liking and sharing of Russian originated persona posts and online activities, which sought to sow discord, increase uncertainty, and magnify social tensions to influence voting behaviour (Jamieson, 2018). The reach of this campaign was extensive. For example, in 2018, Twitter notified 1.4 million Twitter users who had directly engaged or actively followed the now-identified 3,841 IRA-linked accounts (Twitter Public Policy, 2018).

However, political advantage is not the only target of cyber adversaries. While other targets may include government agencies and businesses, everyday internet citizens are frequently the target. The Australian Cyber Security Centre (ACSC; 2020) identified that the most common cybercrime perpetrated against individuals is fraud by deception followed by identity-theft. The ACSC noted that cyber adversaries also commonly conduct phishing and spear phishing campaigns, along with corporate email compromise. Purplesec (2020) reported that corporate email compromises cost organizations $676 million in 2017 and note that 98% of all cyber-attacks rely on social engineering. As such, this is no longer an intelligence service problem; the general population must constantly question the authenticity of online identities and information from potential adversaries, which is any online source intended to introduce false, misleading, or inaccurate information for nefarious or malicious purposes. This paper aims to apply theoretical and empirical advances in understanding online credibility of malicious cyber actors through a model of online adversary credibility assessment.

Introduction

Table of Contents