What Hunts You?
Individuals originating in orderly hierarchies have a terrible time with network threats.
If you are reading this Substack, you or someone who reports to you will be going into a contested virtual space with the intent to either observe or influence that environment. The tactics, techniques, and procedures used for clandestine or covert activity are highly dependent on what you expect to encounter.
Attention Conservation Notice: I’ve been roaming around the dirty end of the field since 2009, sometimes alone, but usually in the company of small groups associated with various social movements. Any positive recommendations found herein are the result of my having been shot to pieces while blundering into situations I came to understand only in retrospect.
Typical Environments:
When I encounter unseasoned groups of irregulars they are in one of two modes. The ones that scare me are oblivious to potential hazards, heedlessly inserting themselves into trouble using the only cell phone they own, unaware they’re putting their entire digital shadow on the table and giving the misfortune wheel a vigorous spin. The other end of the scale are the people who are painfully aware of potential trouble, making an absolute worst case estimate of potential opponents, but they lack the experience to make an educated guess of what they might encounter, compounded by the lack of situational awareness for “unknown unknowns”.
Seasoned irregular groups are a variety plate, but all too often one that has sat on the picnic table in the sun a bit too long. Activists are used to dealing with infiltration, but they tend to be short on the technical situational awareness and equipment. Hackers protect themselves against some technical threats, but there’s often a good bit of ego in play, so they’ll take risks without noticing, or count on being denizens of the chaos zone to cover their tracks. A new feature in the last couple years are NGO-associated researchers who have an interest in some aspect of our disinformation problem. They’re less aware of social engineering infiltration, but that’s not a huge issue because they don’t tend to network there. They’ll have some set of TTPs for hazardous spaces, but it tends to be less than what’s needed IMHO, and it’s very difficult to encourage improvements.
Opponents:
This is a laundry list of the various hazards I’ve encountered over the years.
Troll crews – boys (and some girls) behaving badly, and what counts as consequences for others not only doesn’t work, it often enhances their stature to be on the receiving end.
Religious fanatics – I’ve seen activity involving Opus Dei, Scientology, nameless evangelical groups, ISIS, QAnon, and there are portions of the Accelerationist realm that show a similar level of commitment.
Hate groups – The Proud Boys and Oath Keepers got clipped, but there are plenty more like them out there. If they’re displaying technical chops that tends to be some other force hiding behind them, and the real issue is their willingness for “kinetic” confrontation.
Domestic law enforcement & associated informants – this is a given for any social movement, they’ll use the aforementioned right wing hate groups as foot soldiers.
Corrupt law enforcement – take all of the prior groups, swirl in the willingness to just outright fabricate “evidence” of crimes, and the thin blue line will protect them no matter how out of bounds their behavior might be.
Allied foreign intel – nominally on “our side”, but entirely willing to sacrifice unseasoned groups in pursuit of whatever their objective might be.
Hostile foreign intel – Wikileaks is the poster child here, a nominally Anonymous culture radical transparency journalism operation, but transparently a Kremlin sock puppet since 2016.
I have a lot of anecdotes about such things, some of which I guess I’ll have to anonymize and mention here in order to convey lessons.
Personalities & Disorders:
The internet is a de facto adult day care for folks who have trouble in the real world. A large portion of “activists” are just unwell attention seekers who get along enough to join the coalitions of the willing who form social movements. Those coming from law enforcement or the military are accustomed to a hierarchy that directs activities and insists on standards of behavior. This will all seem foreign and uncomfortable, but it’s inescapable.
Let’s go category by category among the clusters of personality disorders.
The Cluster A (odd/eccentric) character disorders are relatively harmless on their own, but they’re seldom encountered on their own. I’ve long used the phrase “weaponized weirdos” to describe this group. The holotype in this area is a schizotypal former journalist I spoke to once in 2011 who obsessively pursued me for a decade.
Cluster B (emotional/erratic) personality disorder manifestations are arguably the most dangerous, because they are all innately manipulative and they’re just there to get e-famous by wallowing in drama.
Dark Triad psychopaths are often the front men, especially as things start going sideways in terms of an overall movement’s objectives.
Borderline Personality Disorder victims appear to be candidates for NCO type roles, but they hold it together just long enough to put them into positions where they can engage in a lot of drama.
Histrionics are … not a good indicator. Just because someone acts like a total nut, doesn’t mean this is their diagnosis, because people do funny things when they’re under surveillance too long.
Cluster C (anxious/fearful) personality disorders are encountered but the ones that are the real problem are those who have obsessive compulsive behavior. These people are often curators, the institutional memory of a group, or for a cluster of related topics. Their incessant repetitive attention on things that may or may not actually be important (or even real) twists the entire space around them.
Autism and Asperger syndrome are developmental disorders rather than personality based, but we (I’m on the spectrum, remember?) are over represented online. Some of those who are face blind (I am) find it much more comfortable to interact online. We typically develop “circumscribed interests” that may appear to be an OCD level of focus, but the mechanism is different, it’s less … sticky than an OCD person.
And bringing up the rear are the alcoholics, drug addicts, and social media addicts. These issues are usually comorbid with one or more of the problems described above.
Conclusion:
You poor illegitimates from the world’s orderly hierarchies are gonna have a heck of a time here, because there are a lot of two-sided coins. You either don’t encounter such people or you can just disregard them. When you go from the big pond into the interconnected small ponds of online movements, you may well encounter a node with a Dark Triad directing the overall action, while getting significant input from a researcher with a dysfunctional level of OCD, with an irregular war diary authored by a schizotypal cryptozoologist. Sounds ridiculous, but I could point to a number of very successful examples that fit this mold. And they are just as likely to be allies you’ll need to cultivate as they are to be opponents, or things you can safely ignore.
The internet, when in conflict, is the digital equivalent of Afghanistan’s Kandahar province. Each little valley has its own tribe, and when not united against some outsider they’ll be busy ambushing each other over esoteric disputes. Like Pakistan’s Federally Administered Tribal Areas, the remit of governments is limited by the terrain and combative natives. Like what has evolved in Ukraine, there are intelligence agency tentacles grasping for any assets they can see, as part of the larger nation state conflicts.
This is the way things have been ever since I arrived and the hazards have been steadily escalating since the run-up to the 2020 U.S. election. Institutional inertia, domestic polarization, and the fundamental problem any hierarchy faces when presented with a network threat are just some of the reasons we, as a society, are so exposed to this stuff.
You’ll need to harden you and yours based on a realistic assessment of the capabilities employed in any given environment you need to access. This post turned out quite a bit different than I initially envisioned. Some time soon I will cover this in more of a decision matrix fashion.