Microtargeting Unmasked

(I was asked by the United States Secret Service, Army Cyber Institute, and Arizona State University Threatcasting Lab to take the lead on writing our new report “Microtargeting Unmasked,” on the dangers of using new technologies to precisely identify and target individuals with access to high-value targets for espionage, terrorism, and crime. The full report is available here for download; the high-level findings are reprinted below.)

Finding 1: Attacks on High-Value Individuals

Adversaries will use microtargeting to attack figures in military, law enforcement, and civilian leadership, using transitive data and novel technologies to identify and exploit new vulnerabilities.

Microtargeting is poised to rapidly evolve into a set of tools and tactics employed by adversarial state- and non-state actors to target high-value individuals (HVIs) who are critical to the security and stability of the United States. Although the intentions and objectives of those adversaries and targets will vary, the general desired outcome of microtargeting will be to destabilize leadership and degrade the decision-making of federal institutions that are tasked with defending the country.

In addition, microtargeting may not always be aimed at HVIs per se, but rather at surrounding colleagues, direct reports, close friends, and family who might be instrumentalized through deception, coercion, and/or subversion. This expands the potential HVI population. The specific nature of the threat will depend on the target and desired outcome, ranging from kinetic attacks (e.g., towards an individual’s health and well-being) to more subtle campaigns to destroy careers and reputations through planted scandals, corruption, and/or humiliation.

This concept and practice are tied to a commonly used principle of Russian information operations, referred to as kompromat, a term short for “compromising material.” In the past, the KGB used kompromat, often in the form of “sexually-embarrassing dirt on public figures” to manipulate and persuade HVIs into a particular course of action. Attacks on HVIs may integrate this practice with recent technology and updated methods, which will in turn lead to new forms of kompromat.

Easier access to larger and more granular troves of sensitive personal data will likely allow microtargeting to precisely target individuals. This will not simply be a function of “big” data, but of the continued confluence of an ever-lengthening list of sources. These sources range from personal, professional, medical, and financial profiles to social media content, transaction histories, real-time location data, and traces from connected devices, etc. Collectively, this conjoined dataset-of-datasets might be more accurately referred to as transitive data, defined more by the emergent properties and relationships of their linkages as opposed to the sheer size of their sources.

Inevitably, there will be entanglements of delicate information that offer determined attackers the ability to exploit individuals. Sensitive data stolen from one source might unlock access to other channels across the chain — of which the exact length and composition are unknown. This will in turn make it incredibly difficult to safeguard, allowing bad actors both access to the data and the ability to leverage linked data to harm microtargeted individuals and proxies.

New tools will also be available to bad actors, which will give them more power and access to HVIs. Likewise, these tools are expected to be used together. Examples include the use of novel technologies misused for surveillance, evasion, and deception, such as real-time deepfakes, compromised AI assistants, wearable and implantable devices, at-home gene editing kits, and more. For instance, large language models, such as OpenAI’s ChatGPT have quickly spawned seemingly unstable, threatening, and emotionally manipulative chatbots, while televised deepfake disinformation has already been spotted emerging from Venezuela and China.

As attacks are expected to mount on HVIs and their associates, the forces tasked with protecting them are likely to struggle with establishing a defensive perimeter around potential targets. This will also come with a realization that the properties of transitive data may make anticipating threats nearly impossible. A new practice of “reputation management” will likely emerge to combat deepfakes and other hostile tactics, but the threats may not be able to be prevented. However, they may be managed once incited. Given the targets’ essential roles in defense, civil society, and the economy, the potential for escalation will require a broader effort to build more resilient systems for mitigation and recovery as well as protection.

Finding 2: Sowing deception and disinformation among vulnerable populations

Microtargeting was invented to identify and locate increasingly small voter blocs who stood apart from their surrounding electorate and were unresponsive to mainstream norms and messaging. In the two decades since its initial use, the addition of a precarious economy, widening U.S. income inequality, political polarization, and online echo chambers have created an environment that is extremely vulnerable to microtargeting of the disenchanted and disenfranchised. Adversaries can leverage these variables to trigger societal division in pursuit of strategic advantage.

For example, prior to the U.S. presidential election in 2016, Russia’s Internet Research Agency posted disinformation on dueling Facebook groups to independently organize protests alternately opposing and defending a Houston mosque. In another example, later that year, high level political emails were reportedly stolen by Russian-sponsored operatives. This became the seed of a child trafficking conspiracy that would grow and morph into a well-known U.S-based conspiracy group. In both cases, microtargeting attacks provided the spark that rapidly divided populations and spread paranoia.

A current example is the ongoing evolution of a right-wing radicalized channel designed for the Generation Z population that uses platforms, such as TikTok to indoctrinate young audiences with precisely calibrated memes and language. Joshua Citarella, an artist and internet culture researcher, persuasively argues Generation Z is at least partly predisposed to this messaging due to barely suppressed despair. As the artist and technologist James Bridle posits in his book The New Dark Age, contemporaryconspiracy thinking functions as “a kind of folk knowing: an unconscious augury of the conditions, produced by those with a deep, even hidden, awareness of current conditions and no way to articulate them in scientifically acceptable terms.”

The result is an infinite array of subgroups susceptible to microtargeting, whether that means recruiting unwitting proxies for straightforward reasons; sowing disinformation to inspire random radicalization; or by using reflexive control to align their own objectives with the already radicalized.

Once again, novel uses of innovative technology may influence how subgroups are targeted. Bad actors are expected to use malfunctioning, compromised, and stealthily malicious AIs to create impenetrable filter bubbles tailored to individuals and groups.34 They will curate content for users that only shows what the conspiratorial AIs want them to see and nothing else. Virtualized spaces, such as Twitch, Discord, and VRChat, and/or their successors will offer adversaries malleable environments in which to test messaging and recruitment techniques. The line between fantasy and reality may become nearly impossible to distinguish, as humans overuse cameras, sensors, and devices whose outputs can be altered, spoofed, or faked.

Both Facebook in 2016 and QNet in the fictional future “Rescue the Children!” are examples of malleable environments in which the goal is not to target individuals directly, but to imperceptibly alter the circumstances of their decisions. The next step is stochastic terrorism, the microtargeting of a vulnerable subset of the population in hopes that a random member or members will effectively volunteer to attack the HVIs in question.

The stochastic targeting of vulnerable groups will require a response that mimics the combatting of an epidemic more so than traditional counterintelligence or counterterrorism efforts. Because of this dynamic, it is important to address more questions, such as “Who is susceptible to simulated attacks and why?” “How should the federal government identify specific vulnerabilities in various populations?” “How might it prepare for and safeguard against them?”

Finding 3: Attacks on the fighting force

Microtargeting will be used to target military personnel and civilian federal employees in a sustained effort to weaken American defenses.

As microtargeting tools become more affordable to the average person, increase in scale, and are more capable of harnessing transitive data, the definition of an HVI are expected to expand to the forces tasked with protecting the nation and American way of life.

Attacks on soldiers, law enforcement, and supporting agencies will likely be low-level and persistent. It is expected that they will be aimed primarily at compromising security systems and facilities, and will degrade individual and unit cohesion, while undermining public trust. Also expected are tactics like those deployed against HVIs, including corruption through financial incentives, psychological isolation, radicalization, and preying on insecurities.

These vulnerabilities have share a powerful and yet overlooked common effect, which is mental health. Even in the absence of an obvious adversary, compromised mental health poses serious risks to individuals and their units. For example, the scenario named “Private Jane’s Secrets,” raises questions about leadership’s role in monitoring and controlling online behavior. Jane’s secret online life and shocking response raises unsettling questions for leaders. For instance, it leads to the question, “Should federal agencies and the armed forces draft online codes of conduct and intervene more aggressively in personnel’s virtual personas, given the potential effects on their ability to perform their duties?”

In addition, individual and unit readiness is traditionally addressed through physical fitness and skills-based training. Given the mounting urgency to address mental health, there is a pressing question on how federal agencies, including military and law enforcement, should both proactively invest in the psychological fitness of front-line forces and provide them and their families with the resources to recover following an attack.

Although some efforts have been made to address mental health concerns, particularly in response to the recent COVID epidemic, it would benefit the government to develop its own capabilities and competencies with a focus on mental health, especially given the near-infinite attack surface transitive data poses now and in the future.

Finding 4: Attacks on HVIs in the business and financial communities

Criminals and foreign adversaries will target prominent figures in business and finance to manipulate markets and destabilize the U.S. economy and financial systems.

Over the last decade, the rise of in-game virtual economies, universal payment systems, crypto- and digital currencies, such as Bitcoin and the proposed “digital dollar,” as well as blockchain-based tokenized ownership of digital assets together have created exciting new business opportunities. At the same time, they have introduced vulnerabilities into the broader U.S. economic system. This is the result of new and more opaque virtual assets mixing with traditional economic elements, increasing the probability of attacks.

The example of the rise-and-fall of FTX underscores the velocity and size just a handful of actors can achieve with digital assets. A Bahamas-based cryptocurrency exchange, FTX was worth $40 billion before its founders were accused of fraud after losing $8 billion of customer deposits. The firm’s collapse and subsequent fears of proliferation to other cryptocurrency exchanges and the banking system also highlight the dangers of transitive financial data, because these assets are rapidly correlated with other instruments.

Adversaries seeking to harm the financial system and economic health of the United States will target principal figures at these firms, by either attempting to gain access to accounts and critical systems, or by using disinformation to destroy their personal reputations and trust in their institutions. Others may use false customer accounts (“sock puppets”) to perpetuate fraud or launch Trojan Horse attacks. Long-game operations might also include the creation of entire front companies and currencies with the aim of controlling and destroying critical nodes in the virtual financial system.

Finally, the ongoing evolution of in-game economies and other parallel financial systems within virtualized spaces will create new opportunities for criminal activities, such as money laundering and fencing stolen digital assets. These may, in turn, be used as invisible incentives for attackers to cultivate insider threats. It will be necessary to continuously map and understand the ever-changing patterns of these emerging parallel economies.