TA16 "Establish Legitimacy"
Belongs to phase P02 Prepare
Summary: Establish assets that create trust
TA16 Tasks | ||
disarm_id | name | summary |
TA16 Techniques | ||
disarm_id | name | summary |
T0009 | Create fake experts | Stories planted or promoted in computational propaganda operations often make use of experts fabricated from whole cloth, sometimes specifically for the story itself. |
T0009.001 | Utilize Academic/Pseudoscientific Justifications | Utilize Academic/Pseudoscientific Justifications |
T0011 | Compromise legitimate accounts | Hack or take over legitimate accounts to distribute misinformation or damaging content. |
T0097 | Create personas | Creating fake people, often with accounts across multiple platforms. These personas can be as simple as a name, can contain slightly more background like location, profile pictures, backstory, or can be effectively backstopped with indicators like fake identity documents. |
T0097.001 | Backstop personas | Create other assets/dossier/cover/fake relationships and/or connections or documents, sites, bylines, attributions, to establish/augment/inflate credibility/believability |
T0098 | Establish Inauthentic News Sites | Modern computational propaganda makes use of a cadre of imposter news sites spreading globally. These sites, sometimes motivated by concerns other than propaganda--for instance, click-based revenue--often have some superficial markers of authenticity, such as naming and site-design. But many can be quickly exposed with reference to their ownership, reporting history and advertising details. |
T0098.001 | Create Inauthentic News Sites | Create Inauthentic News Sites |
T0098.002 | Leverage Existing Inauthentic News Sites | Leverage Existing Inauthentic News Sites |
T0099 | Prepare Assets Impersonating Legitimate Entities | An influence operation may prepare assets impersonating legitimate entities to further conceal its network identity and add a layer of legitimacy to its operation content. Users will more likely believe and less likely fact-check news from recognizable sources rather than unknown sites. Legitimate entities may include authentic news outlets, public figures, organizations, or state entities. An influence operation may use a wide variety of cyber techniques to impersonate a legitimate entity’s website or social media account. Typosquatting is the intentional registration of a domain name with purposeful variations of the impersonated domain name through intentional typos, top-level domain (TLD) manipulation, or punycode. Typosquatting facilitates the creation of falsified websites by creating similar domain names in the URL box, leaving it to the user to confirm that the URL is correct. |
T0099.001 | Astroturfing | Astroturfing occurs when an influence operation disguises itself as a grassroots movement or organization that supports operation narratives. Unlike butterfly attacks, astroturfing aims to increase the appearance of popular support for the operation cause and does not infiltrate existing groups to discredit their objectives. |
T0099.002 | Spoof/parody account/site | An influence operation may prepare assets impersonating legitimate entities to further conceal its network identity and add a layer of legitimacy to its operation content. Users will more likely believe and less likely fact-check news from recognizable sources rather than unknown sites. Legitimate entities may include authentic news outlets, public figures, organizations, or state entities. |
T0100 | Co-opt Trusted Sources | An influence operation may co-opt trusted sources by infiltrating or repurposing a source to reach a target audience through existing, previously reliable networks. Co-opted trusted sources may include: national or local news outlets; research or academic publications; online blogs or websites. |
T0100.001 | Co-Opt Trusted Individuals | Co-Opt Trusted Individuals |
T0100.002 | Co-Opt Grassroots Groups | Co-Opt Grassroots Groups |
T0100.003 | Co-opt Influencers | Co-opt Influencers |
TA16 Counters | ||
disarm_id | name | summary |
TA16 Detections | ||
disarm_id | name | summary |