Ryosuke Nomoto (Cyber Emergency Center)
Mr. Ryosuke Nomoto graduated from Kyushu Institute of Technology (Iizuka, Fukuoka) and now works in the Cyber Emergency Center as a Forensics/Log analyst at the LAC/LACERT team. His research focuses on ongoing intrusions into systems he monitored in the ASPAC area.
Since the pandemic era, as VPN usage has grown, intrusion activity against VPN router systems has been observed in which a specific vulnerability is exploited, allowing the attacker to gain root privileges by rewriting system files to tamper with VPN access and conduct further malicious operations. This presentation is a model for understanding this threat. It condenses information explaining the "how, whom, when and what for" of such exploitation, so that all of us can learn better ways to keep such incidents from happening in the future.
An awareness of network intrusion aiming VPN router vulnerability
September 16, 2024 09:00-09:30
Ryosuke-Nomoto-Webminar-Intrusion-VPN-Router.pdf
MD5: 8f928d018741b93246a3e81bcd9f196a
Format: application/pdf
Last Update: September 16th, 2024
Size: 1.23 Mb
Krassimir Tzvetanov (Purdue University, US)
Over the past decade, the term "fake news" has become overused and divisive, prompting many to dismiss it outright. This raises questions about how this narrative benefits society—or even aids adversaries. Discussions around "active measures" often miss the mark, failing to grasp the broader implications of such tactics. In today’s information age, traditional cautionary warnings evolve into modern ones like “Beware of geeks bearing gifts,” underscoring the potential manipulation of seemingly benign messages.
This presentation will explore reflexive influence operations, techniques that exploit messaging to align segments of a target audience with adversary objectives. By examining second- and third-order effects, the discussion aims to reveal how such operations succeed in reshaping perceptions and achieving strategic goals. Examples illustrating these tactics will also be provided.
Beware of Geeks Bearing Gifts
January 2, 2025 09:00-10:00
Philippe Lin (Senior Threat Researcher)
Philippe Lin is a senior threat researcher with Trend Micro. He was into big data analysis, machine learning, NLP, SDR and all sorts of nerdy things.
In this talk Philippe shares how to set up Telegram in a Docker container and automate channel scraping.
This presentation is for FIRST Members only, authentication is required on FIRST Portal to preview the video.
Everyday work with OSINT and Telegram
September 16, 2024 09:30-10:00
Fyodor Yarochkin (Trend Micro, TW)
Dr. Fyodor Yarochkin is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.
Fyodor explores the evolution of tools designed to influence public opinion, focusing on physical devices that can shape perception, such as IoT cameras, vehicle telematics, and various other systems.
This presentation is for FIRST Members only, authentication is required on FIRST Portal to preview the video.
IoT Hacks - Unexpected Angles of Human Process Compromises
November 13, 2024 17:20-18:00
Krassimir Tzvetanov (Purdue University, US)
For the past five years Krassimir Tzvetanov has been a graduate student at Purdue University focusing on Homeland Security, Threat Intelligence, Operational Security and Influence Operations in the cyber domain. Before that, Krassimir was a security engineer at a small CDN, where he focused on incident response, investigations and threat research. Previously he worked for companies like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation, and product security. Before that Krassimir held several operational (SRE) and security positions at companies like Google, Yahoo! and Cisco. Krassimir is very active in the security research and investigation community and has contributed to FIRST SIGs. He is also a co-founder of the BayThreat security conference, which he ran, and has volunteered in different roles at DefCon, ShmooCon, and DC650. Krassimir holds a Bachelor's in Electrical Engineering (Communications), a Master's in Digital Forensics and Investigations, and a Master's in Homeland Security.
Overview: In this presentation the author goes over the building blocks of Influence Operations using mass and social media. It covers subjects such as the hypodermic needle model, the two-step flow of information, gatekeeping, agenda-setting, priming, framing, the spiral of silence, echo chambers and cultivation.
In addition, it looks at some of the larger scale operations focused on subversion.
Media Effects Used in Influence Operations (part 1)
October 17, 2024 09:00-09:50
Fyodor Yarochkin (Trend Micro, TW)
Dr. Fyodor Yarochkin is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.
Fyodor Yarochkin discusses the evolving landscape of cybercrime, particularly the shift from traditional bulletproof hosting services to residential proxies. Researchers, including himself, have noted a growing caution in discussing these entities publicly. Residential proxies are easier and cheaper to maintain and present more complex challenges for defenders because they complicate traffic filtering.
Yarochkin has created a framework, termed a "residential proxy honeypot," to analyze traffic patterns from these proxies. He emphasizes the importance of understanding how these networks operate to effectively monitor and mitigate abuses.
He notes that the residential proxy ecosystem is diverse, featuring numerous small providers alongside larger companies, and highlights the varied marketing strategies used, including black hat forums and Telegram channels. The languages supported by proxy providers often reflect their target customer bases.
Finally, he concludes that there are no truly "good" residential proxy providers, as they all facilitate the bypassing of restrictions, raising ethical concerns about their operations.
This presentation is for FIRST Members only, authentication is required on FIRST Portal to preview the video.
Use and abuse of residential proxy networks
September 25, 2024 09:00-09:30
Krassimir Tzvetanov (Purdue University, US)
For the past five years Krassimir Tzvetanov has been a graduate student at Purdue University focusing on Homeland Security, Threat Intelligence, Operational Security and Influence Operations in the cyber domain. Before that, Krassimir was a security engineer at a small CDN, where he focused on incident response, investigations and threat research. Previously he worked for companies like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation, and product security. Before that Krassimir held several operational (SRE) and security positions at companies like Google, Yahoo! and Cisco. Krassimir is very active in the security research and investigation community and has contributed to FIRST SIGs. He is also a co-founder of the BayThreat security conference, which he ran, and has volunteered in different roles at DefCon, ShmooCon, and DC650. Krassimir holds a Bachelor's in Electrical Engineering (Communications), a Master's in Digital Forensics and Investigations, and a Master's in Homeland Security.
What defines the field of Cyber Threat Intelligence and its disciplines?
July 1, 2024 08:00-08:30