TA16 "Establish Legitimacy"

Belongs to phase P02 Prepare

Summary: Establish assets that create trust

TA16 Tasks
disarm_idnamesummary

TA16 Techniques
disarm_idnamesummary
T0009 Create fake experts Stories planted or promoted in computational propaganda operations often make use of experts fabricated from whole cloth, sometimes specifically for the story itself.
T0009.001 Utilize Academic/Pseudoscientific Justifications Utilize Academic/Pseudoscientific Justifications
T0011 Compromise legitimate accounts Hack or take over legimate accounts to distribute misinformation or damaging content.
T0097 Create personas Creating fake people, often with accounts across multiple platforms. These personas can be as simple as a name, can contain slightly more background like location, profile pictures, backstory, or can be effectively backstopped with indicators like fake identity documents.
T0097.001 Backstop personas Create other assets/dossier/cover/fake relationships and/or connections or documents, sites, bylines, attributions, to establish/augment/inflate crediblity/believability
T0098 Establish Inauthentic News Sites Modern computational propaganda makes use of a cadre of imposter news sites spreading globally. These sites, sometimes motivated by concerns other than propaganda--for instance, click-based revenue--often have some superficial markers of authenticity, such as naming and site-design. But many can be quickly exposed with reference to their owenership, reporting history and adverstising details.
T0098.001 Create Inauthentic News Sites Create Inauthentic News Sites
T0098.002 Leverage Existing Inauthentic News Sites Leverage Existing Inauthentic News Sites
T0099 Prepare Assets Impersonating Legitimate Entities An influence operation may prepare assets impersonating legitimate entities to further conceal its network identity and add a layer of legitimacy to its operation content. Users will more likely believe and less likely fact-check news from recognizable sources rather than unknown sites. Legitimate entities may include authentic news outlets, public figures, organizations, or state entities. An influence operation may use a wide variety of cyber techniques to impersonate a legitimate entity’s website or social media account. Typosquatting87 is the international registration of a domain name with purposeful variations of the impersonated domain name through intentional typos, top-level domain (TLD) manipulation, or punycode. Typosquatting facilitates the creation of falsified websites by creating similar domain names in the URL box, leaving it to the user to confirm that the URL is correct.
T0099.001 Astroturfing Astroturfing occurs when an influence operation disguises itself as grassroots movement or organization that supports operation narratives. Unlike butterfly attacks, astroturfing aims to increase the appearance of popular support for the operation cause and does not infiltrate existing groups to discredit their objectives.
T0099.002 Spoof/parody account/site An influence operation may prepare assets impersonating legitimate entities to further conceal its network identity and add a layer of legitimacy to its operation content. Users will more likely believe and less likely fact-check news from recognizable sources rather than unknown sites. Legitimate entities may include authentic news outlets, public figures, organizations, or state entities.
T0100 Co-opt Trusted Sources An influence operation may co-opt trusted sources by infiltrating or repurposing a source to reach a target audience through existing, previously reliable networks. Co-opted trusted sources may include: - National or local new outlets - Research or academic publications - Online blogs or websites
T0100.001 Co-Opt Trusted Individuals Co-Opt Trusted Individuals
T0100.002 Co-Opt Grassroots Groups Co-Opt Grassroots Groups
T0100.003 Co-opt Influencers Co-opt Influencers

TA16 Counters
disarm_idnamesummary

TA16 Detections
disarm_idnamesummary
DISARM Frameworks provided CC-by-SA by the DISARM Foundation