Welcome to Memetic Warfare Weekly.

My name is Ari Ben Am, and I’m the founder of Telemetry Data Labs - a Telegram search engine and analytics platform available at Telemetryapp.io. I also do training, consulting and research so if you have any specific needs - feel free to reach out on LinkedIn.

Let’s kick this week off with some sad news for the community.

I Crowdtangle Evrytiem

There’s bad news brewing when it comes to one of my favorite tools, CrowdTangle. I was dismayed to receive the below email recently announcing the imminent death of CrowdTangle in August:

For those curious in reading a longer post about the demise of Crowdtangle, check out Brandon Silverman’s (the gigachad who created CT) post below:

Some Good Trouble

CrowdTangle is dead, long live CrowdTangle!

Today, Meta announced that CrowdTangle would finally be shut down later this year. It’s bittersweet for a lot of reasons (especially seeing all the love from so many old friends today), but it’s also not unexpected. I’ve spent a lot of time over the last two years working on issues related to transparency & data access, i…

Read more

a year ago · 3 likes · Brandon Silverman

I’ve never had the fun of using the full CT interface, but I’ve used the link-checker religiously and for almost every kind of investigation in past years. Hopefully the proposed replacement, the Meta Content Library, will shape up and be a worthy, if not better replacement.

Russians With Avatars
OFAC sanctioned today Russian “agents” responsible for implementing IO via commercial firms:

For more on this, follow Brian Liston on Twitter as he tweets on this content regularly, and is a great resource in general.

From an IO investigation perspective, this is a positive trend. It’s great to see sanctions used as a policy lever in the IO space, including a solid amount of naming and shaming and even TTP exposure as justification. For those readers interested, I’d highly recommend taking a look at those mentioned and mapping out their online activity, corporate structure and so on as an exercise.

Red Vs. Blue

Recorded Future published some interesting red-teaming research on LLMs and their use in cyber/IO, available here.

The report covered a few topics - I’ll briefly comment on two below.

The first I’ll comment on is the use of deepfakes to impersonate executives:

Overall I agree with this statement and believe that we’re not quite there yet with live impersonations, despite all of the FUD going around. Latency is a serious issue, but there’s no doubt that sometime in the near-ish future there will be commercial, or even open-source tooling of a reasonable degree of quality.

As we’ve seen in the past, having certain technologies being stewarded by certain companies isn’t sufficient for security in of itself, and that KYC processes often fail. The use of gen-AI to generate fake credentials, as well as state-sponsored actors with access to false documents, will be a serious thorn in the side of commercial AI companies seeking to prevent exploitation.

The most interesting case in my opinion was the creation of imitation IO sites.

It’s very cool to see the whole process replicated end-to-end, especially the automated analysis of HTMl and image selection.

The limitations found are below:

Overall, this is the more impactful element of gen-AI and IO. As RF has stated, we’ve already seen it and it’ll only continue to happen more frequently, and the monetization element is also quite relevant.

Great job on RF finding the specific issues as well - format selection and so on - that are still hard to automate.

No other notes and we’ll definitely see more on this over time.

Red Post Over China

One of the more notable stories in recent years on Western IO activity was published by Reuters in mid-March, available here.

The article discusses alleged American covert influence activity targeting China, beginning in 2019 and orchestrated by the CIA.

To quote the article: “The CIA team promoted allegations that members of the ruling Communist Party were hiding ill-gotten money overseas and slammed as corrupt and wasteful China’s Belt and Road Initiative, which provides financing for infrastructure projects in the developing world, the sources told Reuters.”

Overall pretty straightforward narratives and allegations. The operation was apparently masterminded by Matt Pottinger, the erstwhile American China “hand” (another phrase, alongside “playbook”, upon which we need an urgent moratorium):

Based upon past American operations, I’m willing to bet that this activity was Weibo-centric in China and Twitter-centric in other countries, but I’d be very, very happy to be proven wrong. Some recent suspect activity, ranging from Intrusion Truth to KasperLeaks to the i-Soon leaks are probably Western, and are probably more effective than past CENTCOM activity (see Graphika/Stanford’s “Unheard Voice” report for more).

Lastly, I have to disagree with Rid here:

This has always happened and will continue to happen regardless of Western activity. This stuff also would be minor compared to say past American videos, which pretty explicitly imply (in a huge self-own in my opinion) that America gets up to supporting opposition groups, check the last one out below:

I’m not one that believes that the West gets overly involved in foreign protest movements without sufficient evidence, so why make such implications in your psyops recruiting videos?

Regardless, it is in fact a good thing for the West to engage in covert IO in certain circumstances and with certain rules of engagement (relying on truthful content, acting ethically and so on), so it’s refreshing to see some more reporting on it.

That’s it for this week!