False Alert: Can You Really Trust that Tweet for Emergency Communications?

A recent article in The New York Times describes a highly coordinated disinformation campaign using social media. This scary development raises new questions about the reliability of alerts and other emergency communications that rely on social media platforms. Will disinformation campaigns become a growing trend that will undermine recent advances in spreading important information during emergencies?

by / June 28, 2015

Over the past few years, there has been skyrocketing growth in the use of social media to get the word out during emergency situations. From fires to disease outbreaks to police shootings, more and more people turn to Twitter, Facebook or other social media sites to get the latest updates on incidents from reliable sources and "friends."

Earlier this year, Emergency Management magazine ran a story titled: Can You Make Disaster Information Go Viral? In that piece, new efforts were highlighted to improve the reliability of emergency communications using social media during man-made and natural disasters.

I applaud these social media efforts, and this emergency management communications trend has been a very good thing up to this point. But dark clouds are on the horizon. And soon, maybe you'll need to hold-off on that retweet.

Why? This game-changing story from The New York Times shows how highly coordinated disinformation campaigns can spell big problems for emergency communications in the future.

No, I’m not talking about some bystander who got a few facts wrong about a car accident.

The NYT article describes pros who set out to convince you to act with detailed misinformation. Here’s an excerpt:

On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. The campaign followed the same pattern of fake news reports and videos, this time under the hashtag #EbolaInAtlanta, which briefly trended in Atlanta. Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. ...

On the same day as the Ebola hoax, a totally different group of accounts began spreading a rumor that an unarmed black woman had been shot to death by police. They all used the hashtag #shockingmurderinatlanta.

This is a really big deal folks, and not just for emergency management teams. No doubt, there has always been false or misleading information online, but this deliberate attempt to deceive and misdirect people in crisis situations is taking matters to an entirely new level. Mistakes can and will be made in every communication effort, but actively broadcasting detailed instructions that could intentionally result in harm is another matter.

But before I explain why I am concerned, I urge you to go back and read (or at least skim) the NY Times article called The Agency,which explains that “from a nondescript office building in St. Petersburg, Russia, an army of well-paid ‘trolls’ has tried to wreak havoc all around the Internet — and in real-life American communities.”

In my opinion, this is probably just the beginning of a growing trend, and there is likely much worse to come.

More Background On Using Social Media For Emergency Management:

If you google the phrase “twitter for emergencies,” you’ll get more than 35 million page views. There are articles like this excellent piece from Emergency Management magazine that described how Twitter launched an alert system for emergencies back in 2013.

Participating U.S. organizations include the American Red Cross, all ten Federal Emergency Management Agency (FEMA) regions for emergency response and the Centers for Disease Control and Prevention, as well as state and local agencies such as the Colorado Division of Homeland Security and Emergency Management.

According to Twitter, emergency features are available to local, national and international organizations that “provide critical information to the general public.” Organizations that want to use the program can request enrollment via Twitter’s site.

Here is a brief video describing the use of Twitter for emergencies:

Other articles, such as this blog, describe the use of social media for wildfire communication in Colorado, sending Amber Alerts for missing children and relaying information during health emergencies.

In the last case, here is a quote regarding the spread of information for the Ebola emergencies in Africa:

“Tweets regarding the Ebola outbreak had reached more than 60 million people in three days prior to official announcements of the outbreak, as per the study.”

Notice that millions of people were relying on tweets for information before the official announcement was made. While that appears to be a very good thing in this case, what if bad information (that looked very legitimate) was being spread to 60 million people?

Me Worry?

Some readers may be thinking: Isn’t this story overblown? Aren’t these vetted sources for Twitter data? Won’t people go to the reliable sources for their trusted emergency management information?

Sadly, that is not always the case, as security professionals know regarding phishing scams with emails and plenty of other online methods used to trick people into believing viral content or worse.

There are many ways for false information to spread online that can be used by bad guys with Twitter and other sites. While I won’t list all those ways in this blog, I will say that changing a few letters in a name, using shortened URLs or hyperlinking to bad information while using the label from a respected name are just a few methods used to misdirect people. The very features that make social media so popular (such as easy retweets) are the same methods that can be used to trick others to act by the bad guys.

The reality is that sophisticated actors that are intent on doing harm can create lots of problems for emergency management communications systems using social media.

Will this NYT story be a one-off example or the beginning of a scary trend that will grow? I certainly don’t know the answer to that question, since I can't predict the future. I won’t go into bad guy motives or offer some potential aids in this piece, but I do want to say one more reason that this NYT story matters right now.

An Online Trend Story from the Past Applies Here

Back in 2006 when I was Michigan CISO, we were one state engaged in the CYBERSTORM I exercise with the U.S. Department of Homeland Security (DHS), law enforcement agencies, other states and even other countries. After several days of practice with defending our computer systems against cyberattacks, all hell broke loose during this test of our online (and offline) defenses. For example, bombs were going off at data centers, everything was getting hacked and systems were being compromised.

REMINDER – This was just a cyber exercise or test of our team's incident response capabilities. Still, that cyber exercise now reminds me of movies like Die Hard 4.

Anyway, near the end of the exercise, we needed to purchase a new Bull Mainframe in order to get citizens services online again, so we stated making calls to get a Bull Mainframe fast. The trouble was, we quickly learned, only one Bull Mainframe was available in the entire world.

The exercise planners even simulated a salesman with a French accent who wanted $40 million for the Bull Mainframe box (which we thought was only worth $10 million.) We ended up negotiating and buying it for $20 million during this exercise simulation.

A few days later, I remember members of my team complaining during the cyber exercise hotwash that the extortion threats were “completely unrealistic.” Several people said: “No one will ever hold us ransom for money during a cyberattack!"

I agreed and even boldly asked the exercise planners: "Why was that extortion situation even in CYBERSTORM I?”

Little did we know that ransomware would become one of the hottest malware issues around and the No. 1 cyberthreat in 2013.

Looking back, we experienced, but didn’t understand, the implications of a coming trend. The threat of extortion and of ransomware were clearly evident and being included in cyber exercises back in 2006 or earlier. Of course, hindsight is 20/20, and I now see the error of my short-term and narrow thinking on cyberextortion.

Back to Emergency Management and Social Media

Which leads me to ask similar questions about new social media communication trends. Could similar things happen with troll farms that happened with ransomware and extortion?

Will misinformation on Twitter and Facebook hoaxes or other social media fraud undermine the benefits offered by these excellent infrastructure tools? Only time will tell. For now, it all comes back to vetted sources, and Internet reputations and reliable, verifiable information.

Emergency management personnel need to consistently go the extra mile to ensure that subscribers to their social media alerts understand and follow appropriate procedures.

Nevertheless, in an emergency situation with only seconds to spare, it always comes down to this very personal question: Can I trust that tweet? Really?

 

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso