|
+| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | In this report accounts were identified as part of “a sophisticated and extensive coordinated network orchestrating a disinformation campaign targeting Israeli digital spaces since October 7th, 2023”.
“A core component of the detection methodology was applying qualitative linguistic analysis. This involved checking the fingerprint of language, syntax, and style used in the comments and profile of the suspected account. Each account bio consistently incorporated a combination of specific elements: emojis, nationality, location, educational institution or occupation, age, and a personal quote, sports team or band. The recurrence of this specific formula across multiple accounts hinted at a standardized template for bio construction.”
This example shows how actors can follow a templated formula to present a persona on social media platforms (T0143.002: Fabricated Persona, T0144.002: Persona Template). |
+| [T0144.002 Persona Template](../../generated_pages/techniques/T0144.002.md) | In this report accounts were identified as part of “a sophisticated and extensive coordinated network orchestrating a disinformation campaign targeting Israeli digital spaces since October 7th, 2023”.
“A core component of the detection methodology was applying qualitative linguistic analysis. This involved checking the fingerprint of language, syntax, and style used in the comments and profile of the suspected account. Each account bio consistently incorporated a combination of specific elements: emojis, nationality, location, educational institution or occupation, age, and a personal quote, sports team or band. The recurrence of this specific formula across multiple accounts hinted at a standardized template for bio construction.”
This example shows how actors can follow a templated formula to present a persona on social media platforms (T0143.002: Fabricated Persona, T0144.002: Persona Template). |
+| [T0145.001 Copy Account Imagery](../../generated_pages/techniques/T0145.001.md) | “In the wake of the Hamas attack on October 7th, the Israel Defense Forces (IDF) Information Security Department revealed a campaign of Instagram accounts impersonating young, attractive Israeli women who were actively engaging Israeli soldiers, attempting to extract information through direct messages.
[...]
“Some profiles underwent a reverse-image search of their photos to ascertain their authenticity. Many of the images searched were found to be appropriated from genuine social media profiles or sites such as Pinterest. When this was the case, the account was marked as confirmed to be inauthentic. One innovative method involves using photos that are initially frames from videos, which allows for evading reverse searches in most cases . This is seen in Figure 4, where an image uploaded by an inauthentic account was a screenshot taken from a TikTok video.”
In this example accounts associated with an influence operation used account imagery showing “young, attractive Israeli women” (T0145.006: Attractive Person Account Imagery), with some of these assets taken from existing accounts not associated with the operation (T0145.001: Copy Account Imagery). |
+| [T0145.006 Attractive Person Account Imagery](../../generated_pages/techniques/T0145.006.md) | “In the wake of the Hamas attack on October 7th, the Israel Defense Forces (IDF) Information Security Department revealed a campaign of Instagram accounts impersonating young, attractive Israeli women who were actively engaging Israeli soldiers, attempting to extract information through direct messages.
[...]
“Some profiles underwent a reverse-image search of their photos to ascertain their authenticity. Many of the images searched were found to be appropriated from genuine social media profiles or sites such as Pinterest. When this was the case, the account was marked as confirmed to be inauthentic. One innovative method involves using photos that are initially frames from videos, which allows for evading reverse searches in most cases . This is seen in Figure 4, where an image uploaded by an inauthentic account was a screenshot taken from a TikTok video.”
In this example accounts associated with an influence operation used account imagery showing “young, attractive Israeli women” (T0145.006: Attractive Person Account Imagery), with some of these assets taken from existing accounts not associated with the operation (T0145.001: Copy Account Imagery). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00087.md b/generated_pages/incidents/I00087.md
index 31443cf..280d322 100644
--- a/generated_pages/incidents/I00087.md
+++ b/generated_pages/incidents/I00087.md
@@ -21,10 +21,10 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.101 Local Persona](../../generated_pages/techniques/T0097.101.md) | IT00000307 “Another actor operating in China is the American-based company Devumi. Most of the Twitter accounts managed by Devumi resemble real people, and some are even associated with a kind of large-scale social identity theft. At least 55,000 of the accounts use the names, profile pictures, hometowns and other personal details of real Twitter users, including minors, according to The New York Times (Confessore et al., 2018)).”
In this example accounts impersonated real locals while spreading operation narratives (T0143.003: Impersonated Persona, T0097.101: Local Persona). The impersonation included stealing the legitimate accounts’ profile pictures (T0145.001: Copy Account Imagery). |
-| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | IT00000306 “Another actor operating in China is the American-based company Devumi. Most of the Twitter accounts managed by Devumi resemble real people, and some are even associated with a kind of large-scale social identity theft. At least 55,000 of the accounts use the names, profile pictures, hometowns and other personal details of real Twitter users, including minors, according to The New York Times (Confessore et al., 2018)).”
In this example accounts impersonated real locals while spreading operation narratives (T0143.003: Impersonated Persona, T0097.101: Local Persona). The impersonation included stealing the legitimate accounts’ profile pictures (T0145.001: Copy Account Imagery). |
-| [T0145.001 Copy Account Imagery](../../generated_pages/techniques/T0145.001.md) | IT00000303 “In 2017, Tanya O'Carroll, a technology and human rights adviser for Amnesty International, published an investigation of the political impact of bots and trolls in Mexico (O’Carroll, 2017). An article by the BBC describes a video showing the operation of a "troll farm" in Mexico, where people were tweeting in support of Enrique Peña Nieto of the PRI in 2012 (Martinez, 2018).
“According to a report published by El País, the main target of parties’ online strategies are young people, including 14 million new voters who are expected to play a decisive role in the outcome of the July 2018 election (Peinado et al., 2018). Thus, one of the strategies employed by these bots was the use of profile photos of attractive people from other countries (Soloff, 2017).”
In this example accounts copied the profile pictures of attractive people from other countries (T0145.001: Copy Account Imagery, T0145.006: Attractive Person Account Imagery). |
-| [T0145.006 Attractive Person Account Imagery](../../generated_pages/techniques/T0145.006.md) | IT00000304 “In 2017, Tanya O'Carroll, a technology and human rights adviser for Amnesty International, published an investigation of the political impact of bots and trolls in Mexico (O’Carroll, 2017). An article by the BBC describes a video showing the operation of a "troll farm" in Mexico, where people were tweeting in support of Enrique Peña Nieto of the PRI in 2012 (Martinez, 2018).
“According to a report published by El País, the main target of parties’ online strategies are young people, including 14 million new voters who are expected to play a decisive role in the outcome of the July 2018 election (Peinado et al., 2018). Thus, one of the strategies employed by these bots was the use of profile photos of attractive people from other countries (Soloff, 2017).”
In this example accounts copied the profile pictures of attractive people from other countries (T0145.001: Copy Account Imagery, T0145.006: Attractive Person Account Imagery). |
+| [T0097.101 Local Persona](../../generated_pages/techniques/T0097.101.md) | “Another actor operating in China is the American-based company Devumi. Most of the Twitter accounts managed by Devumi resemble real people, and some are even associated with a kind of large-scale social identity theft. At least 55,000 of the accounts use the names, profile pictures, hometowns and other personal details of real Twitter users, including minors, according to The New York Times (Confessore et al., 2018)).”
In this example accounts impersonated real locals while spreading operation narratives (T0143.003: Impersonated Persona, T0097.101: Local Persona). The impersonation included stealing the legitimate accounts’ profile pictures (T0145.001: Copy Account Imagery). |
+| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | “Another actor operating in China is the American-based company Devumi. Most of the Twitter accounts managed by Devumi resemble real people, and some are even associated with a kind of large-scale social identity theft. At least 55,000 of the accounts use the names, profile pictures, hometowns and other personal details of real Twitter users, including minors, according to The New York Times (Confessore et al., 2018)).”
In this example accounts impersonated real locals while spreading operation narratives (T0143.003: Impersonated Persona, T0097.101: Local Persona). The impersonation included stealing the legitimate accounts’ profile pictures (T0145.001: Copy Account Imagery). |
+| [T0145.001 Copy Account Imagery](../../generated_pages/techniques/T0145.001.md) | “In 2017, Tanya O'Carroll, a technology and human rights adviser for Amnesty International, published an investigation of the political impact of bots and trolls in Mexico (O’Carroll, 2017). An article by the BBC describes a video showing the operation of a "troll farm" in Mexico, where people were tweeting in support of Enrique Peña Nieto of the PRI in 2012 (Martinez, 2018).
“According to a report published by El País, the main target of parties’ online strategies are young people, including 14 million new voters who are expected to play a decisive role in the outcome of the July 2018 election (Peinado et al., 2018). Thus, one of the strategies employed by these bots was the use of profile photos of attractive people from other countries (Soloff, 2017).”
In this example accounts copied the profile pictures of attractive people from other countries (T0145.001: Copy Account Imagery, T0145.006: Attractive Person Account Imagery). |
+| [T0145.006 Attractive Person Account Imagery](../../generated_pages/techniques/T0145.006.md) | “In 2017, Tanya O'Carroll, a technology and human rights adviser for Amnesty International, published an investigation of the political impact of bots and trolls in Mexico (O’Carroll, 2017). An article by the BBC describes a video showing the operation of a "troll farm" in Mexico, where people were tweeting in support of Enrique Peña Nieto of the PRI in 2012 (Martinez, 2018).
“According to a report published by El País, the main target of parties’ online strategies are young people, including 14 million new voters who are expected to play a decisive role in the outcome of the July 2018 election (Peinado et al., 2018). Thus, one of the strategies employed by these bots was the use of profile photos of attractive people from other countries (Soloff, 2017).”
In this example accounts copied the profile pictures of attractive people from other countries (T0145.001: Copy Account Imagery, T0145.006: Attractive Person Account Imagery). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00088.md b/generated_pages/incidents/I00088.md
index 545d25c..4976fc9 100644
--- a/generated_pages/incidents/I00088.md
+++ b/generated_pages/incidents/I00088.md
@@ -21,10 +21,10 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0085.008 Machine Translated Text](../../generated_pages/techniques/T0085.008.md) | IT00000310 “The broader War of Somethings (WoS) network, so dubbed because all the Facebook pages and user accounts in the network are connected to “The War of Somethings” page, behaves very similarly to previous Spamouflage campaigns. [Spamouflage is a coordinated inauthentic behaviour network attributed to the Chinese state.]
“Like other components of Spamouflage, the WoS network sometimes intersperses apolitical content with its more agenda-driven material. Many members post nearly identical comments at almost the same time. The text includes markers of automatic translation while error messages included as profile photos indicate the automated pulling of stock images.”
In this example analysts found an indicator of automated use of stock images in Facebook accounts; some of the accounts in the network appeared to have mistakenly uploaded error messages as profile pictures (T0145.007: Stock Image Account Imagery). The text posted by the accounts also appeared to have been translated using automation (T0085.008: Machine Translated Text). |
-| [T0145.002 AI-Generated Account Imagery](../../generated_pages/techniques/T0145.002.md) | IT00000309 “The broader War of Somethings (WoS) network, so dubbed because all the Facebook pages and user accounts in the network are connected to “The War of Somethings” page, behaves very similarly to previous Spamouflage campaigns.
“Spamouflage is a coordinated inatuhentic behaviour network attributed to the Chinese state.
“Despite the WoS network’s relative sophistication, there are tell-tale signs that it is an influence operation. Several user profile photos display signs of AI generation or do not match the profile’s listed gender.”
A network of accounts connected to the facebook page “The War of Somethings” used AI-generated images of people as their profile picture (T0145.002: AI-Generated Account Imagery). |
-| [T0145.003 Animal Account Imagery](../../generated_pages/techniques/T0145.003.md) | IT00000308 “Beneath a video on Facebook about the war between Israel and Hamas, Lamonica Trout commented, “America is the war monger, the Jew’s own son!” She left identical comments beneath the same video on two other Facebook pages. Trout’s profile provides no information besides her name. It lists no friends, and there is not a single post or photograph in her feed. Trout’s profile photo shows an alligator.
“Lamonica Trout is likely an invention of the group behind Spamouflage, an ongoing, multi-year influence operation that promotes Beijing’s interests. Last year, Facebook’s parent company, Meta, took down 7,704 accounts and 954 pages it identified as part of the Spamouflage operation, which it described as the “largest known cross-platform influence operation [Meta had] disrupted to date.”2 Facebook’s terms of service prohibit a range of deceptive and inauthentic behaviors, including efforts to conceal the purpose of social media activity or the identity of those behind it.”
In this example an account attributed to a multi-year influence operation created the persona of Lamonica Trout in a Facebook account, which used an image of an animal in its profile picture (T0145.003: Animal Account Imagery). |
-| [T0145.007 Stock Image Account Imagery](../../generated_pages/techniques/T0145.007.md) | IT00000311 “The broader War of Somethings (WoS) network, so dubbed because all the Facebook pages and user accounts in the network are connected to “The War of Somethings” page, behaves very similarly to previous Spamouflage campaigns. [Spamouflage is a coordinated inauthentic behaviour network attributed to the Chinese state.]
“Like other components of Spamouflage, the WoS network sometimes intersperses apolitical content with its more agenda-driven material. Many members post nearly identical comments at almost the same time. The text includes markers of automatic translation while error messages included as profile photos indicate the automated pulling of stock images.”
In this example analysts found an indicator of automated use of stock images in Facebook accounts; some of the accounts in the network appeared to have mistakenly uploaded error messages as profile pictures (T0145.007: Stock Image Account Imagery). The text posted by the accounts also appeared to have been translated using automation (T0085.008: Machine Translated Text). |
+| [T0085.008 Machine Translated Text](../../generated_pages/techniques/T0085.008.md) | “The broader War of Somethings (WoS) network, so dubbed because all the Facebook pages and user accounts in the network are connected to “The War of Somethings” page, behaves very similarly to previous Spamouflage campaigns. [Spamouflage is a coordinated inauthentic behaviour network attributed to the Chinese state.]
“Like other components of Spamouflage, the WoS network sometimes intersperses apolitical content with its more agenda-driven material. Many members post nearly identical comments at almost the same time. The text includes markers of automatic translation while error messages included as profile photos indicate the automated pulling of stock images.”
In this example analysts found an indicator of automated use of stock images in Facebook accounts; some of the accounts in the network appeared to have mistakenly uploaded error messages as profile pictures (T0145.007: Stock Image Account Imagery). The text posted by the accounts also appeared to have been translated using automation (T0085.008: Machine Translated Text). |
+| [T0145.002 AI-Generated Account Imagery](../../generated_pages/techniques/T0145.002.md) | “The broader War of Somethings (WoS) network, so dubbed because all the Facebook pages and user accounts in the network are connected to “The War of Somethings” page, behaves very similarly to previous Spamouflage campaigns.
“Spamouflage is a coordinated inatuhentic behaviour network attributed to the Chinese state.
“Despite the WoS network’s relative sophistication, there are tell-tale signs that it is an influence operation. Several user profile photos display signs of AI generation or do not match the profile’s listed gender.”
A network of accounts connected to the facebook page “The War of Somethings” used AI-generated images of people as their profile picture (T0145.002: AI-Generated Account Imagery). |
+| [T0145.003 Animal Account Imagery](../../generated_pages/techniques/T0145.003.md) | “Beneath a video on Facebook about the war between Israel and Hamas, Lamonica Trout commented, “America is the war monger, the Jew’s own son!” She left identical comments beneath the same video on two other Facebook pages. Trout’s profile provides no information besides her name. It lists no friends, and there is not a single post or photograph in her feed. Trout’s profile photo shows an alligator.
“Lamonica Trout is likely an invention of the group behind Spamouflage, an ongoing, multi-year influence operation that promotes Beijing’s interests. Last year, Facebook’s parent company, Meta, took down 7,704 accounts and 954 pages it identified as part of the Spamouflage operation, which it described as the “largest known cross-platform influence operation [Meta had] disrupted to date.”2 Facebook’s terms of service prohibit a range of deceptive and inauthentic behaviors, including efforts to conceal the purpose of social media activity or the identity of those behind it.”
In this example an account attributed to a multi-year influence operation created the persona of Lamonica Trout in a Facebook account, which used an image of an animal in its profile picture (T0145.003: Animal Account Imagery). |
+| [T0145.007 Stock Image Account Imagery](../../generated_pages/techniques/T0145.007.md) | “The broader War of Somethings (WoS) network, so dubbed because all the Facebook pages and user accounts in the network are connected to “The War of Somethings” page, behaves very similarly to previous Spamouflage campaigns. [Spamouflage is a coordinated inauthentic behaviour network attributed to the Chinese state.]
“Like other components of Spamouflage, the WoS network sometimes intersperses apolitical content with its more agenda-driven material. Many members post nearly identical comments at almost the same time. The text includes markers of automatic translation while error messages included as profile photos indicate the automated pulling of stock images.”
In this example analysts found an indicator of automated use of stock images in Facebook accounts; some of the accounts in the network appeared to have mistakenly uploaded error messages as profile pictures (T0145.007: Stock Image Account Imagery). The text posted by the accounts also appeared to have been translated using automation (T0085.008: Machine Translated Text). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00089.md b/generated_pages/incidents/I00089.md
index 24affe2..8d0858c 100644
--- a/generated_pages/incidents/I00089.md
+++ b/generated_pages/incidents/I00089.md
@@ -21,9 +21,9 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.109 Romantic Suitor Persona](../../generated_pages/techniques/T0097.109.md) | IT00000313 “On Facebook, Rita, Alona and Christina appeared to be just like the millions of other U.S citizens sharing their lives with the world. They discussed family outings, shared emojis and commented on each other's photographs.
“In reality, the three accounts were part of a highly-targeted cybercrime operation, used to spread malware that was able to steal passwords and spy on victims.
“Hackers with links to Lebanon likely ran the covert scheme using a strain of malware dubbed "Tempting Cedar Spyware," according to researchers from Prague-based anti-virus company Avast, which detailed its findings in a report released on Wednesday.
“In a honey trap tactic as old as time, the culprits' targets were mostly male, and lured by fake attractive women.
“In the attack, hackers would send flirtatious messages using Facebook to the chosen victims, encouraging them to download a second , booby-trapped, chat application known as Kik Messenger to have "more secure" conversations. Upon analysis, Avast experts found that "many fell for the trap.””
In this example threat actors took on the persona of a romantic suitor on Facebook, directing their targets to another platform (T0097:109 Romantic Suitor Persona, T0145.006: Attractive Person Account Imagery, T0143.002: Fabricated Persona). |
-| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | IT00000314 “On Facebook, Rita, Alona and Christina appeared to be just like the millions of other U.S citizens sharing their lives with the world. They discussed family outings, shared emojis and commented on each other's photographs.
“In reality, the three accounts were part of a highly-targeted cybercrime operation, used to spread malware that was able to steal passwords and spy on victims.
“Hackers with links to Lebanon likely ran the covert scheme using a strain of malware dubbed "Tempting Cedar Spyware," according to researchers from Prague-based anti-virus company Avast, which detailed its findings in a report released on Wednesday.
“In a honey trap tactic as old as time, the culprits' targets were mostly male, and lured by fake attractive women.
“In the attack, hackers would send flirtatious messages using Facebook to the chosen victims, encouraging them to download a second , booby-trapped, chat application known as Kik Messenger to have "more secure" conversations. Upon analysis, Avast experts found that "many fell for the trap.””
In this example threat actors took on the persona of a romantic suitor on Facebook, directing their targets to another platform (T0097:109 Romantic Suitor Persona, T0145.006: Attractive Person Account Imagery, T0143.002: Fabricated Persona). |
-| [T0145.006 Attractive Person Account Imagery](../../generated_pages/techniques/T0145.006.md) | IT00000312 “On Facebook, Rita, Alona and Christina appeared to be just like the millions of other U.S citizens sharing their lives with the world. They discussed family outings, shared emojis and commented on each other's photographs.
“In reality, the three accounts were part of a highly-targeted cybercrime operation, used to spread malware that was able to steal passwords and spy on victims.
“Hackers with links to Lebanon likely ran the covert scheme using a strain of malware dubbed "Tempting Cedar Spyware," according to researchers from Prague-based anti-virus company Avast, which detailed its findings in a report released on Wednesday.
“In a honey trap tactic as old as time, the culprits' targets were mostly male, and lured by fake attractive women.
“In the attack, hackers would send flirtatious messages using Facebook to the chosen victims, encouraging them to download a second , booby-trapped, chat application known as Kik Messenger to have "more secure" conversations. Upon analysis, Avast experts found that "many fell for the trap.””
In this example threat actors took on the persona of a romantic suitor on Facebook, directing their targets to another platform (T0097:109 Romantic Suitor Persona, T0145.006: Attractive Person Account Imagery, T0143.002: Fabricated Persona). |
+| [T0097.109 Romantic Suitor Persona](../../generated_pages/techniques/T0097.109.md) | “On Facebook, Rita, Alona and Christina appeared to be just like the millions of other U.S citizens sharing their lives with the world. They discussed family outings, shared emojis and commented on each other's photographs.
“In reality, the three accounts were part of a highly-targeted cybercrime operation, used to spread malware that was able to steal passwords and spy on victims.
“Hackers with links to Lebanon likely ran the covert scheme using a strain of malware dubbed "Tempting Cedar Spyware," according to researchers from Prague-based anti-virus company Avast, which detailed its findings in a report released on Wednesday.
“In a honey trap tactic as old as time, the culprits' targets were mostly male, and lured by fake attractive women.
“In the attack, hackers would send flirtatious messages using Facebook to the chosen victims, encouraging them to download a second , booby-trapped, chat application known as Kik Messenger to have "more secure" conversations. Upon analysis, Avast experts found that "many fell for the trap.””
In this example threat actors took on the persona of a romantic suitor on Facebook, directing their targets to another platform (T0097:109 Romantic Suitor Persona, T0145.006: Attractive Person Account Imagery, T0143.002: Fabricated Persona). |
+| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | “On Facebook, Rita, Alona and Christina appeared to be just like the millions of other U.S citizens sharing their lives with the world. They discussed family outings, shared emojis and commented on each other's photographs.
“In reality, the three accounts were part of a highly-targeted cybercrime operation, used to spread malware that was able to steal passwords and spy on victims.
“Hackers with links to Lebanon likely ran the covert scheme using a strain of malware dubbed "Tempting Cedar Spyware," according to researchers from Prague-based anti-virus company Avast, which detailed its findings in a report released on Wednesday.
“In a honey trap tactic as old as time, the culprits' targets were mostly male, and lured by fake attractive women.
“In the attack, hackers would send flirtatious messages using Facebook to the chosen victims, encouraging them to download a second , booby-trapped, chat application known as Kik Messenger to have "more secure" conversations. Upon analysis, Avast experts found that "many fell for the trap.””
In this example threat actors took on the persona of a romantic suitor on Facebook, directing their targets to another platform (T0097:109 Romantic Suitor Persona, T0145.006: Attractive Person Account Imagery, T0143.002: Fabricated Persona). |
+| [T0145.006 Attractive Person Account Imagery](../../generated_pages/techniques/T0145.006.md) | “On Facebook, Rita, Alona and Christina appeared to be just like the millions of other U.S citizens sharing their lives with the world. They discussed family outings, shared emojis and commented on each other's photographs.
“In reality, the three accounts were part of a highly-targeted cybercrime operation, used to spread malware that was able to steal passwords and spy on victims.
“Hackers with links to Lebanon likely ran the covert scheme using a strain of malware dubbed "Tempting Cedar Spyware," according to researchers from Prague-based anti-virus company Avast, which detailed its findings in a report released on Wednesday.
“In a honey trap tactic as old as time, the culprits' targets were mostly male, and lured by fake attractive women.
“In the attack, hackers would send flirtatious messages using Facebook to the chosen victims, encouraging them to download a second , booby-trapped, chat application known as Kik Messenger to have "more secure" conversations. Upon analysis, Avast experts found that "many fell for the trap.””
In this example threat actors took on the persona of a romantic suitor on Facebook, directing their targets to another platform (T0097:109 Romantic Suitor Persona, T0145.006: Attractive Person Account Imagery, T0143.002: Fabricated Persona). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00091.md b/generated_pages/incidents/I00091.md
index 6421b7e..a244dd5 100644
--- a/generated_pages/incidents/I00091.md
+++ b/generated_pages/incidents/I00091.md
@@ -21,9 +21,9 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.106 Recruiter Persona](../../generated_pages/techniques/T0097.106.md) | IT00000316 “Earlier in July [2021], an account posing as a Swiss biologist called Wilson Edwards had made statements on Facebook and Twitter that the United States was applying pressure on the World Health Organization scientists who were studying the origins of Covid-19 in an attempt to blame the virus on China.
“State media outlets, including CGTN, Shanghai Daily and Global Times, had cited the so-called biologist based on his Facebook profile.
“However, the Swiss embassy said in August that the person likely did not exist, as the Facebook account was opened only two weeks prior to its first post and only had three friends.
“It added "there was no registry of a Swiss citizen with the name "Wilson Edwards" and no academic articles under the name", and urged Chinese media outlets to take down any mention of him.
[...]
“It also said that his profile photo also appeared to have been generated using machine-learning capabilities.”
In this example an account created on Facebook presented itself as a Swiss biologist to present a narrative related to COVID-19 (T0143.002: Fabricated Persona, T0097.106: Researcher Persona). It used an AI-Generated profile picture to disguise itself (T0145.002: AI-Generated Account Imagery). |
-| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | IT00000315 “Earlier in July [2021], an account posing as a Swiss biologist called Wilson Edwards had made statements on Facebook and Twitter that the United States was applying pressure on the World Health Organization scientists who were studying the origins of Covid-19 in an attempt to blame the virus on China.
“State media outlets, including CGTN, Shanghai Daily and Global Times, had cited the so-called biologist based on his Facebook profile.
“However, the Swiss embassy said in August that the person likely did not exist, as the Facebook account was opened only two weeks prior to its first post and only had three friends.
“It added "there was no registry of a Swiss citizen with the name "Wilson Edwards" and no academic articles under the name", and urged Chinese media outlets to take down any mention of him.
[...]
“It also said that his profile photo also appeared to have been generated using machine-learning capabilities.”
In this example an account created on Facebook presented itself as a Swiss biologist to present a narrative related to COVID-19 (T0143.002: Fabricated Persona, T0097.106: Researcher Persona). It used an AI-Generated profile picture to disguise itself (T0145.002: AI-Generated Account Imagery). |
-| [T0145.002 AI-Generated Account Imagery](../../generated_pages/techniques/T0145.002.md) | IT00000317 “Earlier in July [2021], an account posing as a Swiss biologist called Wilson Edwards had made statements on Facebook and Twitter that the United States was applying pressure on the World Health Organization scientists who were studying the origins of Covid-19 in an attempt to blame the virus on China.
“State media outlets, including CGTN, Shanghai Daily and Global Times, had cited the so-called biologist based on his Facebook profile.
“However, the Swiss embassy said in August that the person likely did not exist, as the Facebook account was opened only two weeks prior to its first post and only had three friends.
“It added "there was no registry of a Swiss citizen with the name "Wilson Edwards" and no academic articles under the name", and urged Chinese media outlets to take down any mention of him.
[...]
“It also said that his profile photo also appeared to have been generated using machine-learning capabilities.”
In this example an account created on Facebook presented itself as a Swiss biologist to present a narrative related to COVID-19 (T0143.002: Fabricated Persona, T0097.106: Researcher Persona). It used an AI-Generated profile picture to disguise itself (T0145.002: AI-Generated Account Imagery). |
+| [T0097.106 Recruiter Persona](../../generated_pages/techniques/T0097.106.md) | “Earlier in July [2021], an account posing as a Swiss biologist called Wilson Edwards had made statements on Facebook and Twitter that the United States was applying pressure on the World Health Organization scientists who were studying the origins of Covid-19 in an attempt to blame the virus on China.
“State media outlets, including CGTN, Shanghai Daily and Global Times, had cited the so-called biologist based on his Facebook profile.
“However, the Swiss embassy said in August that the person likely did not exist, as the Facebook account was opened only two weeks prior to its first post and only had three friends.
“It added "there was no registry of a Swiss citizen with the name "Wilson Edwards" and no academic articles under the name", and urged Chinese media outlets to take down any mention of him.
[...]
“It also said that his profile photo also appeared to have been generated using machine-learning capabilities.”
In this example an account created on Facebook presented itself as a Swiss biologist to present a narrative related to COVID-19 (T0143.002: Fabricated Persona, T0097.106: Researcher Persona). It used an AI-Generated profile picture to disguise itself (T0145.002: AI-Generated Account Imagery). |
+| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | “Earlier in July [2021], an account posing as a Swiss biologist called Wilson Edwards had made statements on Facebook and Twitter that the United States was applying pressure on the World Health Organization scientists who were studying the origins of Covid-19 in an attempt to blame the virus on China.
“State media outlets, including CGTN, Shanghai Daily and Global Times, had cited the so-called biologist based on his Facebook profile.
“However, the Swiss embassy said in August that the person likely did not exist, as the Facebook account was opened only two weeks prior to its first post and only had three friends.
“It added "there was no registry of a Swiss citizen with the name "Wilson Edwards" and no academic articles under the name", and urged Chinese media outlets to take down any mention of him.
[...]
“It also said that his profile photo also appeared to have been generated using machine-learning capabilities.”
In this example an account created on Facebook presented itself as a Swiss biologist to present a narrative related to COVID-19 (T0143.002: Fabricated Persona, T0097.106: Researcher Persona). It used an AI-Generated profile picture to disguise itself (T0145.002: AI-Generated Account Imagery). |
+| [T0145.002 AI-Generated Account Imagery](../../generated_pages/techniques/T0145.002.md) | “Earlier in July [2021], an account posing as a Swiss biologist called Wilson Edwards had made statements on Facebook and Twitter that the United States was applying pressure on the World Health Organization scientists who were studying the origins of Covid-19 in an attempt to blame the virus on China.
“State media outlets, including CGTN, Shanghai Daily and Global Times, had cited the so-called biologist based on his Facebook profile.
“However, the Swiss embassy said in August that the person likely did not exist, as the Facebook account was opened only two weeks prior to its first post and only had three friends.
“It added "there was no registry of a Swiss citizen with the name "Wilson Edwards" and no academic articles under the name", and urged Chinese media outlets to take down any mention of him.
[...]
“It also said that his profile photo also appeared to have been generated using machine-learning capabilities.”
In this example an account created on Facebook presented itself as a Swiss biologist to present a narrative related to COVID-19 (T0143.002: Fabricated Persona, T0097.106: Researcher Persona). It used an AI-Generated profile picture to disguise itself (T0145.002: AI-Generated Account Imagery). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00093.md b/generated_pages/incidents/I00093.md
index 2db8f70..b9741b8 100644
--- a/generated_pages/incidents/I00093.md
+++ b/generated_pages/incidents/I00093.md
@@ -21,9 +21,9 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.111 Government Official Persona](../../generated_pages/techniques/T0097.111.md) | IT00000343 “On October 23, Canada’s Foreign Ministry said it had discovered a disinformation campaign, likely tied to China, aimed at discrediting dozens of Canadian politicians, including Prime Minister Justin Trudeau.
“The ministry said the campaign took place in August and September. It used new and hijacked social media accounts to bulk-post messages targeting Canadian politicians (T0146: Account Asset, T0150.001: Newly Created Asset, T0150.005: Compromised Asset).
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
““Canada was a downright liar and disseminator of false information… Beijing has never meddled in another nation’s domestic affairs.”
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
“That is false.
“The Canadian government's report is based on an investigation conducted by its Rapid Response Mechanism cyber intelligence unit in cooperation with the social media platforms.
“The investigation exposed China’s disinformation campaign dubbed “Spamouflage” -- for its tactic of using “a network of new or hijacked social media accounts that posts and increases the number of propaganda messages across multiple social media platforms – including Facebook, X/Twitter, Instagram, YouTube, Medium, Reddit, TikTok, and LinkedIn.””
In this case a network of accounts attributed to China were identified operating on multiple platforms. The report was dismissed as false information by an official in the Chinese Embassy in Canada (T0143.001: Authentic Persona, T0097.111: Government Official Persona, T0129.006: Deny Involvement). |
-| [T0129.006 Deny Involvement](../../generated_pages/techniques/T0129.006.md) | IT00000344 “On October 23, Canada’s Foreign Ministry said it had discovered a disinformation campaign, likely tied to China, aimed at discrediting dozens of Canadian politicians, including Prime Minister Justin Trudeau.
“The ministry said the campaign took place in August and September. It used new and hijacked social media accounts to bulk-post messages targeting Canadian politicians (T0146: Account Asset, T0150.001: Newly Created Asset, T0150.005: Compromised Asset).
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
““Canada was a downright liar and disseminator of false information… Beijing has never meddled in another nation’s domestic affairs.”
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
“That is false.
“The Canadian government's report is based on an investigation conducted by its Rapid Response Mechanism cyber intelligence unit in cooperation with the social media platforms.
“The investigation exposed China’s disinformation campaign dubbed “Spamouflage” -- for its tactic of using “a network of new or hijacked social media accounts that posts and increases the number of propaganda messages across multiple social media platforms – including Facebook, X/Twitter, Instagram, YouTube, Medium, Reddit, TikTok, and LinkedIn.””
In this case a network of accounts attributed to China were identified operating on multiple platforms. The report was dismissed as false information by an official in the Chinese Embassy in Canada (T0143.001: Authentic Persona, T0097.111: Government Official Persona, T0129.006: Deny Involvement). |
-| [T0143.001 Authentic Persona](../../generated_pages/techniques/T0143.001.md) | IT00000342 “On October 23, Canada’s Foreign Ministry said it had discovered a disinformation campaign, likely tied to China, aimed at discrediting dozens of Canadian politicians, including Prime Minister Justin Trudeau.
“The ministry said the campaign took place in August and September. It used new and hijacked social media accounts to bulk-post messages targeting Canadian politicians (T0146: Account Asset, T0150.001: Newly Created Asset, T0150.005: Compromised Asset).
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
““Canada was a downright liar and disseminator of false information… Beijing has never meddled in another nation’s domestic affairs.”
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
“That is false.
“The Canadian government's report is based on an investigation conducted by its Rapid Response Mechanism cyber intelligence unit in cooperation with the social media platforms.
“The investigation exposed China’s disinformation campaign dubbed “Spamouflage” -- for its tactic of using “a network of new or hijacked social media accounts that posts and increases the number of propaganda messages across multiple social media platforms – including Facebook, X/Twitter, Instagram, YouTube, Medium, Reddit, TikTok, and LinkedIn.””
In this case a network of accounts attributed to China were identified operating on multiple platforms. The report was dismissed as false information by an official in the Chinese Embassy in Canada (T0143.001: Authentic Persona, T0097.111: Government Official Persona, T0129.006: Deny Involvement). |
+| [T0097.111 Government Official Persona](../../generated_pages/techniques/T0097.111.md) | “On October 23, Canada’s Foreign Ministry said it had discovered a disinformation campaign, likely tied to China, aimed at discrediting dozens of Canadian politicians, including Prime Minister Justin Trudeau.
“The ministry said the campaign took place in August and September. It used new and hijacked social media accounts to bulk-post messages targeting Canadian politicians (T0146: Account Asset, T0150.001: Newly Created Asset, T0150.005: Compromised Asset).
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
““Canada was a downright liar and disseminator of false information… Beijing has never meddled in another nation’s domestic affairs.”
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
“That is false.
“The Canadian government's report is based on an investigation conducted by its Rapid Response Mechanism cyber intelligence unit in cooperation with the social media platforms.
“The investigation exposed China’s disinformation campaign dubbed “Spamouflage” -- for its tactic of using “a network of new or hijacked social media accounts that posts and increases the number of propaganda messages across multiple social media platforms – including Facebook, X/Twitter, Instagram, YouTube, Medium, Reddit, TikTok, and LinkedIn.””
In this case a network of accounts attributed to China were identified operating on multiple platforms. The report was dismissed as false information by an official in the Chinese Embassy in Canada (T0143.001: Authentic Persona, T0097.111: Government Official Persona, T0129.006: Deny Involvement). |
+| [T0129.006 Deny Involvement](../../generated_pages/techniques/T0129.006.md) | “On October 23, Canada’s Foreign Ministry said it had discovered a disinformation campaign, likely tied to China, aimed at discrediting dozens of Canadian politicians, including Prime Minister Justin Trudeau.
“The ministry said the campaign took place in August and September. It used new and hijacked social media accounts to bulk-post messages targeting Canadian politicians (T0146: Account Asset, T0150.001: Newly Created Asset, T0150.005: Compromised Asset).
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
““Canada was a downright liar and disseminator of false information… Beijing has never meddled in another nation’s domestic affairs.”
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
“That is false.
“The Canadian government's report is based on an investigation conducted by its Rapid Response Mechanism cyber intelligence unit in cooperation with the social media platforms.
“The investigation exposed China’s disinformation campaign dubbed “Spamouflage” -- for its tactic of using “a network of new or hijacked social media accounts that posts and increases the number of propaganda messages across multiple social media platforms – including Facebook, X/Twitter, Instagram, YouTube, Medium, Reddit, TikTok, and LinkedIn.””
In this case a network of accounts attributed to China were identified operating on multiple platforms. The report was dismissed as false information by an official in the Chinese Embassy in Canada (T0143.001: Authentic Persona, T0097.111: Government Official Persona, T0129.006: Deny Involvement). |
+| [T0143.001 Authentic Persona](../../generated_pages/techniques/T0143.001.md) | “On October 23, Canada’s Foreign Ministry said it had discovered a disinformation campaign, likely tied to China, aimed at discrediting dozens of Canadian politicians, including Prime Minister Justin Trudeau.
“The ministry said the campaign took place in August and September. It used new and hijacked social media accounts to bulk-post messages targeting Canadian politicians (T0146: Account Asset, T0150.001: Newly Created Asset, T0150.005: Compromised Asset).
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
““Canada was a downright liar and disseminator of false information… Beijing has never meddled in another nation’s domestic affairs.”
“A Chinese Embassy in Canada spokesperson dismissed Canada’s accusation as baseless.
“That is false.
“The Canadian government's report is based on an investigation conducted by its Rapid Response Mechanism cyber intelligence unit in cooperation with the social media platforms.
“The investigation exposed China’s disinformation campaign dubbed “Spamouflage” -- for its tactic of using “a network of new or hijacked social media accounts that posts and increases the number of propaganda messages across multiple social media platforms – including Facebook, X/Twitter, Instagram, YouTube, Medium, Reddit, TikTok, and LinkedIn.””
In this case a network of accounts attributed to China were identified operating on multiple platforms. The report was dismissed as false information by an official in the Chinese Embassy in Canada (T0143.001: Authentic Persona, T0097.111: Government Official Persona, T0129.006: Deny Involvement). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00094.md b/generated_pages/incidents/I00094.md
index 059921d..a62f448 100644
--- a/generated_pages/incidents/I00094.md
+++ b/generated_pages/incidents/I00094.md
@@ -21,9 +21,9 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.201 Local Institution Persona](../../generated_pages/techniques/T0097.201.md) | IT00000318 Researchers identified websites managed by a Chinese marketing firm which presented themselves as news organisations.
“On its official website, the Chinese marketing firm boasted that they were in contact with news organizations across the globe, including one in South Korea called the “Chungcheng Times.” According to the joint team, this outlet is a fictional news organization created by the offending company. The Chinese company sought to disguise the site’s true identity and purpose by altering the name attached to it by one character—making it very closely resemble the name of a legitimate outlet operating out of Chungchengbuk-do.
“The marketing firm also established a news organization under the Korean name “Gyeonggido Daily,” which closely resembles legitimate news outlets operating out of Gyeonggi province such as “Gyeonggi Daily,” “Daily Gyeonggi Newspaper,” and “Gyeonggi N Daily.” One of the fake news sites was named “Incheon Focus,” a title that could be easily mistaken for the legitimate local news outlet, “Focus Incheon.” Furthermore, the Chinese marketing company operated two fake news sites with names identical to two separate local news organizations, one of which ceased operations in December 2022.
“In total, fifteen out of eighteen Chinese fake news sites incorporated the correct names of real regions in their fake company names. “If the operators had created fake news sites similar to major news organizations based in Seoul, however, the intended deception would have easily been uncovered,” explained Song Tae-eun, an assistant professor in the Department of National Security & Unification Studies at the Korea National Diplomatic Academy, to The Readable. “There is also the possibility that they are using the regional areas as an attempt to form ties with the local community; that being the government, the private sector, and religious communities.””
The firm styled their news site to resemble existing local news outlets in their target region (T0097.201: Local Institution Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona). |
-| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | IT00000319 Researchers identified websites managed by a Chinese marketing firm which presented themselves as news organisations.
“On its official website, the Chinese marketing firm boasted that they were in contact with news organizations across the globe, including one in South Korea called the “Chungcheng Times.” According to the joint team, this outlet is a fictional news organization created by the offending company. The Chinese company sought to disguise the site’s true identity and purpose by altering the name attached to it by one character—making it very closely resemble the name of a legitimate outlet operating out of Chungchengbuk-do.
“The marketing firm also established a news organization under the Korean name “Gyeonggido Daily,” which closely resembles legitimate news outlets operating out of Gyeonggi province such as “Gyeonggi Daily,” “Daily Gyeonggi Newspaper,” and “Gyeonggi N Daily.” One of the fake news sites was named “Incheon Focus,” a title that could be easily mistaken for the legitimate local news outlet, “Focus Incheon.” Furthermore, the Chinese marketing company operated two fake news sites with names identical to two separate local news organizations, one of which ceased operations in December 2022.
“In total, fifteen out of eighteen Chinese fake news sites incorporated the correct names of real regions in their fake company names. “If the operators had created fake news sites similar to major news organizations based in Seoul, however, the intended deception would have easily been uncovered,” explained Song Tae-eun, an assistant professor in the Department of National Security & Unification Studies at the Korea National Diplomatic Academy, to The Readable. “There is also the possibility that they are using the regional areas as an attempt to form ties with the local community; that being the government, the private sector, and religious communities.””
The firm styled their news site to resemble existing local news outlets in their target region (T0097.201: Local Institution Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona). |
-| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | IT00000320 Researchers identified websites managed by a Chinese marketing firm which presented themselves as news organisations.
“On its official website, the Chinese marketing firm boasted that they were in contact with news organizations across the globe, including one in South Korea called the “Chungcheng Times.” According to the joint team, this outlet is a fictional news organization created by the offending company. The Chinese company sought to disguise the site’s true identity and purpose by altering the name attached to it by one character—making it very closely resemble the name of a legitimate outlet operating out of Chungchengbuk-do.
“The marketing firm also established a news organization under the Korean name “Gyeonggido Daily,” which closely resembles legitimate news outlets operating out of Gyeonggi province such as “Gyeonggi Daily,” “Daily Gyeonggi Newspaper,” and “Gyeonggi N Daily.” One of the fake news sites was named “Incheon Focus,” a title that could be easily mistaken for the legitimate local news outlet, “Focus Incheon.” Furthermore, the Chinese marketing company operated two fake news sites with names identical to two separate local news organizations, one of which ceased operations in December 2022.
“In total, fifteen out of eighteen Chinese fake news sites incorporated the correct names of real regions in their fake company names. “If the operators had created fake news sites similar to major news organizations based in Seoul, however, the intended deception would have easily been uncovered,” explained Song Tae-eun, an assistant professor in the Department of National Security & Unification Studies at the Korea National Diplomatic Academy, to The Readable. “There is also the possibility that they are using the regional areas as an attempt to form ties with the local community; that being the government, the private sector, and religious communities.””
The firm styled their news site to resemble existing local news outlets in their target region (T0097.201: Local Institution Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona). |
+| [T0097.201 Local Institution Persona](../../generated_pages/techniques/T0097.201.md) | Researchers identified websites managed by a Chinese marketing firm which presented themselves as news organisations.
“On its official website, the Chinese marketing firm boasted that they were in contact with news organizations across the globe, including one in South Korea called the “Chungcheng Times.” According to the joint team, this outlet is a fictional news organization created by the offending company. The Chinese company sought to disguise the site’s true identity and purpose by altering the name attached to it by one character—making it very closely resemble the name of a legitimate outlet operating out of Chungchengbuk-do.
“The marketing firm also established a news organization under the Korean name “Gyeonggido Daily,” which closely resembles legitimate news outlets operating out of Gyeonggi province such as “Gyeonggi Daily,” “Daily Gyeonggi Newspaper,” and “Gyeonggi N Daily.” One of the fake news sites was named “Incheon Focus,” a title that could be easily mistaken for the legitimate local news outlet, “Focus Incheon.” Furthermore, the Chinese marketing company operated two fake news sites with names identical to two separate local news organizations, one of which ceased operations in December 2022.
“In total, fifteen out of eighteen Chinese fake news sites incorporated the correct names of real regions in their fake company names. “If the operators had created fake news sites similar to major news organizations based in Seoul, however, the intended deception would have easily been uncovered,” explained Song Tae-eun, an assistant professor in the Department of National Security & Unification Studies at the Korea National Diplomatic Academy, to The Readable. “There is also the possibility that they are using the regional areas as an attempt to form ties with the local community; that being the government, the private sector, and religious communities.””
The firm styled their news site to resemble existing local news outlets in their target region (T0097.201: Local Institution Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona). |
+| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | Researchers identified websites managed by a Chinese marketing firm which presented themselves as news organisations.
“On its official website, the Chinese marketing firm boasted that they were in contact with news organizations across the globe, including one in South Korea called the “Chungcheng Times.” According to the joint team, this outlet is a fictional news organization created by the offending company. The Chinese company sought to disguise the site’s true identity and purpose by altering the name attached to it by one character—making it very closely resemble the name of a legitimate outlet operating out of Chungchengbuk-do.
“The marketing firm also established a news organization under the Korean name “Gyeonggido Daily,” which closely resembles legitimate news outlets operating out of Gyeonggi province such as “Gyeonggi Daily,” “Daily Gyeonggi Newspaper,” and “Gyeonggi N Daily.” One of the fake news sites was named “Incheon Focus,” a title that could be easily mistaken for the legitimate local news outlet, “Focus Incheon.” Furthermore, the Chinese marketing company operated two fake news sites with names identical to two separate local news organizations, one of which ceased operations in December 2022.
“In total, fifteen out of eighteen Chinese fake news sites incorporated the correct names of real regions in their fake company names. “If the operators had created fake news sites similar to major news organizations based in Seoul, however, the intended deception would have easily been uncovered,” explained Song Tae-eun, an assistant professor in the Department of National Security & Unification Studies at the Korea National Diplomatic Academy, to The Readable. “There is also the possibility that they are using the regional areas as an attempt to form ties with the local community; that being the government, the private sector, and religious communities.””
The firm styled their news site to resemble existing local news outlets in their target region (T0097.201: Local Institution Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona). |
+| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | Researchers identified websites managed by a Chinese marketing firm which presented themselves as news organisations.
“On its official website, the Chinese marketing firm boasted that they were in contact with news organizations across the globe, including one in South Korea called the “Chungcheng Times.” According to the joint team, this outlet is a fictional news organization created by the offending company. The Chinese company sought to disguise the site’s true identity and purpose by altering the name attached to it by one character—making it very closely resemble the name of a legitimate outlet operating out of Chungchengbuk-do.
“The marketing firm also established a news organization under the Korean name “Gyeonggido Daily,” which closely resembles legitimate news outlets operating out of Gyeonggi province such as “Gyeonggi Daily,” “Daily Gyeonggi Newspaper,” and “Gyeonggi N Daily.” One of the fake news sites was named “Incheon Focus,” a title that could be easily mistaken for the legitimate local news outlet, “Focus Incheon.” Furthermore, the Chinese marketing company operated two fake news sites with names identical to two separate local news organizations, one of which ceased operations in December 2022.
“In total, fifteen out of eighteen Chinese fake news sites incorporated the correct names of real regions in their fake company names. “If the operators had created fake news sites similar to major news organizations based in Seoul, however, the intended deception would have easily been uncovered,” explained Song Tae-eun, an assistant professor in the Department of National Security & Unification Studies at the Korea National Diplomatic Academy, to The Readable. “There is also the possibility that they are using the regional areas as an attempt to form ties with the local community; that being the government, the private sector, and religious communities.””
The firm styled their news site to resemble existing local news outlets in their target region (T0097.201: Local Institution Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00095.md b/generated_pages/incidents/I00095.md
index 757043f..03dc4dc 100644
--- a/generated_pages/incidents/I00095.md
+++ b/generated_pages/incidents/I00095.md
@@ -21,9 +21,9 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.106 Recruiter Persona](../../generated_pages/techniques/T0097.106.md) | IT00000322 “A Chinese disinformation network operating fictitious employee personas across the internet used a front company in London to recruit content creators and translators around the world, according to Meta.
“The operation used a company called London New Europe Media, registered to an address on the upmarket Kensington High Street, that attempted to recruit real people to help it produce content. It is not clear how many people it ultimately recruited.
“London New Europe Media also “tried to engage individuals to record English-language videos scripted by the network,” in one case leading to a recording criticizing the United States being posted on YouTube, said Meta”.
In this example a front company was used (T0097.205: Business Persona) to enable actors to recruit targets for producing content (T0097.106: Recruiter Persona, T0143.002: Fabricated Persona). |
-| [T0097.205 Business Persona](../../generated_pages/techniques/T0097.205.md) | IT00000321 “A Chinese disinformation network operating fictitious employee personas across the internet used a front company in London to recruit content creators and translators around the world, according to Meta.
“The operation used a company called London New Europe Media, registered to an address on the upmarket Kensington High Street, that attempted to recruit real people to help it produce content. It is not clear how many people it ultimately recruited.
“London New Europe Media also “tried to engage individuals to record English-language videos scripted by the network,” in one case leading to a recording criticizing the United States being posted on YouTube, said Meta”.
In this example a front company was used (T0097.205: Business Persona) to enable actors to recruit targets for producing content (T0097.106: Recruiter Persona, T0143.002: Fabricated Persona). |
-| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | IT00000323 “A Chinese disinformation network operating fictitious employee personas across the internet used a front company in London to recruit content creators and translators around the world, according to Meta.
“The operation used a company called London New Europe Media, registered to an address on the upmarket Kensington High Street, that attempted to recruit real people to help it produce content. It is not clear how many people it ultimately recruited.
“London New Europe Media also “tried to engage individuals to record English-language videos scripted by the network,” in one case leading to a recording criticizing the United States being posted on YouTube, said Meta”.
In this example a front company was used (T0097.205: Business Persona) to enable actors to recruit targets for producing content (T0097.106: Recruiter Persona, T0143.002: Fabricated Persona). |
+| [T0097.106 Recruiter Persona](../../generated_pages/techniques/T0097.106.md) | “A Chinese disinformation network operating fictitious employee personas across the internet used a front company in London to recruit content creators and translators around the world, according to Meta.
“The operation used a company called London New Europe Media, registered to an address on the upmarket Kensington High Street, that attempted to recruit real people to help it produce content. It is not clear how many people it ultimately recruited.
“London New Europe Media also “tried to engage individuals to record English-language videos scripted by the network,” in one case leading to a recording criticizing the United States being posted on YouTube, said Meta”.
In this example a front company was used (T0097.205: Business Persona) to enable actors to recruit targets for producing content (T0097.106: Recruiter Persona, T0143.002: Fabricated Persona). |
+| [T0097.205 Business Persona](../../generated_pages/techniques/T0097.205.md) | “A Chinese disinformation network operating fictitious employee personas across the internet used a front company in London to recruit content creators and translators around the world, according to Meta.
“The operation used a company called London New Europe Media, registered to an address on the upmarket Kensington High Street, that attempted to recruit real people to help it produce content. It is not clear how many people it ultimately recruited.
“London New Europe Media also “tried to engage individuals to record English-language videos scripted by the network,” in one case leading to a recording criticizing the United States being posted on YouTube, said Meta”.
In this example a front company was used (T0097.205: Business Persona) to enable actors to recruit targets for producing content (T0097.106: Recruiter Persona, T0143.002: Fabricated Persona). |
+| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | “A Chinese disinformation network operating fictitious employee personas across the internet used a front company in London to recruit content creators and translators around the world, according to Meta.
“The operation used a company called London New Europe Media, registered to an address on the upmarket Kensington High Street, that attempted to recruit real people to help it produce content. It is not clear how many people it ultimately recruited.
“London New Europe Media also “tried to engage individuals to record English-language videos scripted by the network,” in one case leading to a recording criticizing the United States being posted on YouTube, said Meta”.
In this example a front company was used (T0097.205: Business Persona) to enable actors to recruit targets for producing content (T0097.106: Recruiter Persona, T0143.002: Fabricated Persona). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00096.md b/generated_pages/incidents/I00096.md
index f2ca9b5..57ab169 100644
--- a/generated_pages/incidents/I00096.md
+++ b/generated_pages/incidents/I00096.md
@@ -22,14 +22,14 @@ Alex Scroxton | ComputerWeekly | [https://web.archive.org/web/20240405154259/htt
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0087.001 Develop AI-Generated Videos (Deepfakes)](../../generated_pages/techniques/T0087.001.md) | IT00000352 The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
-| [T0088.001 Develop AI-Generated Audio (Deepfakes)](../../generated_pages/techniques/T0088.001.md) | IT00000347 The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
-| [T0097.102 Journalist Persona](../../generated_pages/techniques/T0097.102.md) | IT00000354 The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
-| [T0097.110 Party Official Persona](../../generated_pages/techniques/T0097.110.md) | IT00000348 The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
-| [T0115 Post Content](../../generated_pages/techniques/T0115.md) | IT00000350 The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
-| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | IT00000353 The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
-| [T0152.006 Video Platform](../../generated_pages/techniques/T0152.006.md) | IT00000349 The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
-| [T0154.002 AI Media Platform](../../generated_pages/techniques/T0154.002.md) | IT00000351 The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
+| [T0087.001 Develop AI-Generated Videos (Deepfakes)](../../generated_pages/techniques/T0087.001.md) | The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
+| [T0088.001 Develop AI-Generated Audio (Deepfakes)](../../generated_pages/techniques/T0088.001.md) | The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
+| [T0097.102 Journalist Persona](../../generated_pages/techniques/T0097.102.md) | The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
+| [T0097.110 Party Official Persona](../../generated_pages/techniques/T0097.110.md) | The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
+| [T0115 Post Content](../../generated_pages/techniques/T0115.md) | The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
+| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
+| [T0152.006 Video Platform](../../generated_pages/techniques/T0152.006.md) | The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
+| [T0154.002 AI Media Platform](../../generated_pages/techniques/T0154.002.md) | The Microsoft Threat Analysis Centre (MTAC) published a report documenting the use of AI by pro-Chinese threat actors:
On 13 January, Spamouflage [(a Pro-Chinese Communist Party actor)] posted audio clips to YouTube of independent candidate [for Taiwan’s Jan 2024 presidential election] Terry Gou – who also founded electronics giant Foxconn – in which Gou endorsed another candidate in the race. This clip was almost certainly AI-generated, and it was swiftly removed by YouTube. A fake letter purporting to be from Gou, endorsing the same candidate, had already circulated – Gou had of course made no such endorsement.
Here Spamoflage used an account on YouTube to post AI Generated audio impersonating an electoral candidate (T0146: Account Asset, T0152.006: Video Platform, T0115: Post Content, T0088.001: Develop AI-Generated Audio (Deepfakes), T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Spamouflage also exploited AI-powered video platform CapCut – which is owned by TikTok backers ByteDance – to generate fake news anchors which were used in a variety of campaigns targeting the various presidential candidates in Taiwan.
Spamoflage created accounts on CapCut, which it used to create AI-generated videos of fabricated news anchors (T0146: Account Asset, T0154.002: AI Media Platform, T0087.001: Develop AI-Generated Video (Deepfakes), T0143.002: Fabricated Persona, T0097.102: Journalist Persona). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00097.md b/generated_pages/incidents/I00097.md
index 59eb14e..be16f9c 100644
--- a/generated_pages/incidents/I00097.md
+++ b/generated_pages/incidents/I00097.md
@@ -21,11 +21,11 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0018 Purchase Targeted Advertisements](../../generated_pages/techniques/T0018.md) | IT00000358 This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Ad approval systems can create risks. We created 12 ‘fake’ ads that promoted dangerous weight loss techniques and behaviours. We tested to see if these ads would be approved to run, and they were. This means dangerous behaviours can be promoted in paid-for advertising. (Requests to run ads were withdrawn after approval or rejection, so no dangerous advertising was published as a result of this experiment.)
Specifically: On TikTok, 100% of the ads were approved to run; On Facebook, 83% of the ads were approved to run; On Google, 75% of the ads were approved to run.
Ad management systems can create risks. We investigated how platforms allow advertisers to target users, and found that it is possible to target people who may be interested in pro-eating disorder content.
Specifically: On TikTok: End-users who interact with pro-eating disorder content on TikTok, download advertisers’ eating disorder apps or visit their websites can be targeted; On Meta: End-users who interact with pro-eating disorder content on Meta, download advertisers’ eating disorder apps or visit their websites can be targeted; On X: End-users who follow pro- eating disorder accounts, or ‘look’ like them, can be targeted; On Google: End-users who search specific words or combinations of words (including pro-eating disorder words), watch pro-eating disorder YouTube channels and probably those who download eating disorder and mental health apps can be targeted.
Advertising platforms managed by TikTok, Facebook, and Google approved adverts to be displayed on their platforms. These platforms enabled users to deliver targeted advertising to potentially vulnerable platform users (T0018: Purchase Targeted Advertisements, T0153.005: Online Advertising Platform). |
-| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | IT00000355 This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Content recommender systems can create risks. We created and primed ‘fake’ accounts for 16-year old Australians and found that some recommender systems will promote pro-eating disorder content to children.
Specifically: On TikTok, 0% of the content recommended was classified as pro-eating disorder content; On Instagram, 23% of the content recommended was classified as pro-eating disorder content; On X, 67% of content recommended was classified as pro-eating disorder content (and disturbingly, another 13% displayed self-harm imagery).
Content recommendation algorithms developed by Instagram (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm) and X (T0151.008: Microblogging Platform, T0153.006: Content Recommendation Algorithm) promoted harmful content to an account presenting as a 16 year old Australian. |
-| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | IT00000357 This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Content recommender systems can create risks. We created and primed ‘fake’ accounts for 16-year old Australians and found that some recommender systems will promote pro-eating disorder content to children.
Specifically: On TikTok, 0% of the content recommended was classified as pro-eating disorder content; On Instagram, 23% of the content recommended was classified as pro-eating disorder content; On X, 67% of content recommended was classified as pro-eating disorder content (and disturbingly, another 13% displayed self-harm imagery).
Content recommendation algorithms developed by Instagram (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm) and X (T0151.008: Microblogging Platform, T0153.006: Content Recommendation Algorithm) promoted harmful content to an account presenting as a 16 year old Australian. |
-| [T0153.005 Online Advertising Platform](../../generated_pages/techniques/T0153.005.md) | IT00000359 This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Ad approval systems can create risks. We created 12 ‘fake’ ads that promoted dangerous weight loss techniques and behaviours. We tested to see if these ads would be approved to run, and they were. This means dangerous behaviours can be promoted in paid-for advertising. (Requests to run ads were withdrawn after approval or rejection, so no dangerous advertising was published as a result of this experiment.)
Specifically: On TikTok, 100% of the ads were approved to run; On Facebook, 83% of the ads were approved to run; On Google, 75% of the ads were approved to run.
Ad management systems can create risks. We investigated how platforms allow advertisers to target users, and found that it is possible to target people who may be interested in pro-eating disorder content.
Specifically: On TikTok: End-users who interact with pro-eating disorder content on TikTok, download advertisers’ eating disorder apps or visit their websites can be targeted; On Meta: End-users who interact with pro-eating disorder content on Meta, download advertisers’ eating disorder apps or visit their websites can be targeted; On X: End-users who follow pro- eating disorder accounts, or ‘look’ like them, can be targeted; On Google: End-users who search specific words or combinations of words (including pro-eating disorder words), watch pro-eating disorder YouTube channels and probably those who download eating disorder and mental health apps can be targeted.
Advertising platforms managed by TikTok, Facebook, and Google approved adverts to be displayed on their platforms. These platforms enabled users to deliver targeted advertising to potentially vulnerable platform users (T0018: Purchase Targeted Advertisements, T0153.005: Online Advertising Platform). |
-| [T0153.006 Content Recommendation Algorithm](../../generated_pages/techniques/T0153.006.md) | IT00000356 This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Content recommender systems can create risks. We created and primed ‘fake’ accounts for 16-year old Australians and found that some recommender systems will promote pro-eating disorder content to children.
Specifically: On TikTok, 0% of the content recommended was classified as pro-eating disorder content; On Instagram, 23% of the content recommended was classified as pro-eating disorder content; On X, 67% of content recommended was classified as pro-eating disorder content (and disturbingly, another 13% displayed self-harm imagery).
Content recommendation algorithms developed by Instagram (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm) and X (T0151.008: Microblogging Platform, T0153.006: Content Recommendation Algorithm) promoted harmful content to an account presenting as a 16 year old Australian. |
+| [T0018 Purchase Targeted Advertisements](../../generated_pages/techniques/T0018.md) | This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Ad approval systems can create risks. We created 12 ‘fake’ ads that promoted dangerous weight loss techniques and behaviours. We tested to see if these ads would be approved to run, and they were. This means dangerous behaviours can be promoted in paid-for advertising. (Requests to run ads were withdrawn after approval or rejection, so no dangerous advertising was published as a result of this experiment.)
Specifically: On TikTok, 100% of the ads were approved to run; On Facebook, 83% of the ads were approved to run; On Google, 75% of the ads were approved to run.
Ad management systems can create risks. We investigated how platforms allow advertisers to target users, and found that it is possible to target people who may be interested in pro-eating disorder content.
Specifically: On TikTok: End-users who interact with pro-eating disorder content on TikTok, download advertisers’ eating disorder apps or visit their websites can be targeted; On Meta: End-users who interact with pro-eating disorder content on Meta, download advertisers’ eating disorder apps or visit their websites can be targeted; On X: End-users who follow pro- eating disorder accounts, or ‘look’ like them, can be targeted; On Google: End-users who search specific words or combinations of words (including pro-eating disorder words), watch pro-eating disorder YouTube channels and probably those who download eating disorder and mental health apps can be targeted.
Advertising platforms managed by TikTok, Facebook, and Google approved adverts to be displayed on their platforms. These platforms enabled users to deliver targeted advertising to potentially vulnerable platform users (T0018: Purchase Targeted Advertisements, T0153.005: Online Advertising Platform). |
+| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Content recommender systems can create risks. We created and primed ‘fake’ accounts for 16-year old Australians and found that some recommender systems will promote pro-eating disorder content to children.
Specifically: On TikTok, 0% of the content recommended was classified as pro-eating disorder content; On Instagram, 23% of the content recommended was classified as pro-eating disorder content; On X, 67% of content recommended was classified as pro-eating disorder content (and disturbingly, another 13% displayed self-harm imagery).
Content recommendation algorithms developed by Instagram (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm) and X (T0151.008: Microblogging Platform, T0153.006: Content Recommendation Algorithm) promoted harmful content to an account presenting as a 16 year old Australian. |
+| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Content recommender systems can create risks. We created and primed ‘fake’ accounts for 16-year old Australians and found that some recommender systems will promote pro-eating disorder content to children.
Specifically: On TikTok, 0% of the content recommended was classified as pro-eating disorder content; On Instagram, 23% of the content recommended was classified as pro-eating disorder content; On X, 67% of content recommended was classified as pro-eating disorder content (and disturbingly, another 13% displayed self-harm imagery).
Content recommendation algorithms developed by Instagram (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm) and X (T0151.008: Microblogging Platform, T0153.006: Content Recommendation Algorithm) promoted harmful content to an account presenting as a 16 year old Australian. |
+| [T0153.005 Online Advertising Platform](../../generated_pages/techniques/T0153.005.md) | This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Ad approval systems can create risks. We created 12 ‘fake’ ads that promoted dangerous weight loss techniques and behaviours. We tested to see if these ads would be approved to run, and they were. This means dangerous behaviours can be promoted in paid-for advertising. (Requests to run ads were withdrawn after approval or rejection, so no dangerous advertising was published as a result of this experiment.)
Specifically: On TikTok, 100% of the ads were approved to run; On Facebook, 83% of the ads were approved to run; On Google, 75% of the ads were approved to run.
Ad management systems can create risks. We investigated how platforms allow advertisers to target users, and found that it is possible to target people who may be interested in pro-eating disorder content.
Specifically: On TikTok: End-users who interact with pro-eating disorder content on TikTok, download advertisers’ eating disorder apps or visit their websites can be targeted; On Meta: End-users who interact with pro-eating disorder content on Meta, download advertisers’ eating disorder apps or visit their websites can be targeted; On X: End-users who follow pro- eating disorder accounts, or ‘look’ like them, can be targeted; On Google: End-users who search specific words or combinations of words (including pro-eating disorder words), watch pro-eating disorder YouTube channels and probably those who download eating disorder and mental health apps can be targeted.
Advertising platforms managed by TikTok, Facebook, and Google approved adverts to be displayed on their platforms. These platforms enabled users to deliver targeted advertising to potentially vulnerable platform users (T0018: Purchase Targeted Advertisements, T0153.005: Online Advertising Platform). |
+| [T0153.006 Content Recommendation Algorithm](../../generated_pages/techniques/T0153.006.md) | This report explores the role of four systems (recommender systems, content moderation systems, ad approval systems and ad management systems) in creating risks around eating disorders.
[...]
Content recommender systems can create risks. We created and primed ‘fake’ accounts for 16-year old Australians and found that some recommender systems will promote pro-eating disorder content to children.
Specifically: On TikTok, 0% of the content recommended was classified as pro-eating disorder content; On Instagram, 23% of the content recommended was classified as pro-eating disorder content; On X, 67% of content recommended was classified as pro-eating disorder content (and disturbingly, another 13% displayed self-harm imagery).
Content recommendation algorithms developed by Instagram (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm) and X (T0151.008: Microblogging Platform, T0153.006: Content Recommendation Algorithm) promoted harmful content to an account presenting as a 16 year old Australian. |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00098.md b/generated_pages/incidents/I00098.md
index 664de10..00fe324 100644
--- a/generated_pages/incidents/I00098.md
+++ b/generated_pages/incidents/I00098.md
@@ -21,9 +21,9 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0147.001 Game Asset](../../generated_pages/techniques/T0147.001.md) | IT00000360 This report looks at how extremists exploit games and gaming adjacent platforms:
Ethnic Cleansing, a first-person shooter game created by the U.S. white supremacist organization National Alliance in 2002, was advertised as follows: “[T]he Race War has already begun. Your character, Will, runs through a ghetto blasting away at various blacks and spics to attempt to gain entrance to the subway system...where the jews have hidden to avoid the carnage. Then you get to blow away jews as they scream ‘Oy Vey!’ on your way to the command center.”
While games like Ethnic Cleansing —and others of a similar genocidal variety, including titles like Shoot the Blacks, Hatred, and Muslim Massacre —generate some press attention and controversy, they tend to be ignored by the large majority of gamers, who consider them “crude” and “badly designed.” Nevertheless, these games are still available in some corners of the Internet and have been downloaded by hundreds of thousands of users.
A second strategy involves the modification (“modding”) of existing video games to twist the narrative into an extremist message or fantasy. One example is the Islamic State terrorist group’s modding of the first-person shooter video game, ARMA III, to make Islamic fighters the heroic protagonists rather than the villains. With their powerful immersive quality, these video games have, in some instances, been effective at inspiring and allegedly training extremists to perpetrate realworld attacks.
Third, extremist actors have used in-game chat functions to open lines of communication with ideological sympathizers and potential recruits. Although the lack of in-game communication data has made it impossible for academic researchers to track the presence of extremists in a systematic way, there is enough anecdotal evidence—including evidence obtained from police investigation files—to infer that in-game chatrooms can and do function as “radicalization funnels” in at least some cases.
White supremacists created a game aligned with their ideology (T0147.001: Game Asset). The Islamic State terrorist group created a mod of the game ARMA 3 (T0151.015: Online Game Platform, T0147.002: Game Mod Asset). Extremists also use communication features available in online games to recruit new members. |
-| [T0147.002 Game Mod Asset](../../generated_pages/techniques/T0147.002.md) | IT00000362 This report looks at how extremists exploit games and gaming adjacent platforms:
Ethnic Cleansing, a first-person shooter game created by the U.S. white supremacist organization National Alliance in 2002, was advertised as follows: “[T]he Race War has already begun. Your character, Will, runs through a ghetto blasting away at various blacks and spics to attempt to gain entrance to the subway system...where the jews have hidden to avoid the carnage. Then you get to blow away jews as they scream ‘Oy Vey!’ on your way to the command center.”
While games like Ethnic Cleansing —and others of a similar genocidal variety, including titles like Shoot the Blacks, Hatred, and Muslim Massacre —generate some press attention and controversy, they tend to be ignored by the large majority of gamers, who consider them “crude” and “badly designed.” Nevertheless, these games are still available in some corners of the Internet and have been downloaded by hundreds of thousands of users.
A second strategy involves the modification (“modding”) of existing video games to twist the narrative into an extremist message or fantasy. One example is the Islamic State terrorist group’s modding of the first-person shooter video game, ARMA III, to make Islamic fighters the heroic protagonists rather than the villains. With their powerful immersive quality, these video games have, in some instances, been effective at inspiring and allegedly training extremists to perpetrate realworld attacks.
Third, extremist actors have used in-game chat functions to open lines of communication with ideological sympathizers and potential recruits. Although the lack of in-game communication data has made it impossible for academic researchers to track the presence of extremists in a systematic way, there is enough anecdotal evidence—including evidence obtained from police investigation files—to infer that in-game chatrooms can and do function as “radicalization funnels” in at least some cases.
White supremacists created a game aligned with their ideology (T0147.001: Game Asset). The Islamic State terrorist group created a mod of the game ARMA 3 (T0151.015: Online Game Platform, T0147.002: Game Mod Asset). Extremists also use communication features available in online games to recruit new members. |
-| [T0151.015 Online Game Platform](../../generated_pages/techniques/T0151.015.md) | IT00000361 This report looks at how extremists exploit games and gaming adjacent platforms:
Ethnic Cleansing, a first-person shooter game created by the U.S. white supremacist organization National Alliance in 2002, was advertised as follows: “[T]he Race War has already begun. Your character, Will, runs through a ghetto blasting away at various blacks and spics to attempt to gain entrance to the subway system...where the jews have hidden to avoid the carnage. Then you get to blow away jews as they scream ‘Oy Vey!’ on your way to the command center.”
While games like Ethnic Cleansing —and others of a similar genocidal variety, including titles like Shoot the Blacks, Hatred, and Muslim Massacre —generate some press attention and controversy, they tend to be ignored by the large majority of gamers, who consider them “crude” and “badly designed.” Nevertheless, these games are still available in some corners of the Internet and have been downloaded by hundreds of thousands of users.
A second strategy involves the modification (“modding”) of existing video games to twist the narrative into an extremist message or fantasy. One example is the Islamic State terrorist group’s modding of the first-person shooter video game, ARMA III, to make Islamic fighters the heroic protagonists rather than the villains. With their powerful immersive quality, these video games have, in some instances, been effective at inspiring and allegedly training extremists to perpetrate realworld attacks.
Third, extremist actors have used in-game chat functions to open lines of communication with ideological sympathizers and potential recruits. Although the lack of in-game communication data has made it impossible for academic researchers to track the presence of extremists in a systematic way, there is enough anecdotal evidence—including evidence obtained from police investigation files—to infer that in-game chatrooms can and do function as “radicalization funnels” in at least some cases.
White supremacists created a game aligned with their ideology (T0147.001: Game Asset). The Islamic State terrorist group created a mod of the game ARMA 3 (T0151.015: Online Game Platform, T0147.002: Game Mod Asset). Extremists also use communication features available in online games to recruit new members. |
+| [T0147.001 Game Asset](../../generated_pages/techniques/T0147.001.md) | This report looks at how extremists exploit games and gaming adjacent platforms:
Ethnic Cleansing, a first-person shooter game created by the U.S. white supremacist organization National Alliance in 2002, was advertised as follows: “[T]he Race War has already begun. Your character, Will, runs through a ghetto blasting away at various blacks and spics to attempt to gain entrance to the subway system...where the jews have hidden to avoid the carnage. Then you get to blow away jews as they scream ‘Oy Vey!’ on your way to the command center.”
While games like Ethnic Cleansing —and others of a similar genocidal variety, including titles like Shoot the Blacks, Hatred, and Muslim Massacre —generate some press attention and controversy, they tend to be ignored by the large majority of gamers, who consider them “crude” and “badly designed.” Nevertheless, these games are still available in some corners of the Internet and have been downloaded by hundreds of thousands of users.
A second strategy involves the modification (“modding”) of existing video games to twist the narrative into an extremist message or fantasy. One example is the Islamic State terrorist group’s modding of the first-person shooter video game, ARMA III, to make Islamic fighters the heroic protagonists rather than the villains. With their powerful immersive quality, these video games have, in some instances, been effective at inspiring and allegedly training extremists to perpetrate realworld attacks.
Third, extremist actors have used in-game chat functions to open lines of communication with ideological sympathizers and potential recruits. Although the lack of in-game communication data has made it impossible for academic researchers to track the presence of extremists in a systematic way, there is enough anecdotal evidence—including evidence obtained from police investigation files—to infer that in-game chatrooms can and do function as “radicalization funnels” in at least some cases.
White supremacists created a game aligned with their ideology (T0147.001: Game Asset). The Islamic State terrorist group created a mod of the game ARMA 3 (T0151.015: Online Game Platform, T0147.002: Game Mod Asset). Extremists also use communication features available in online games to recruit new members. |
+| [T0147.002 Game Mod Asset](../../generated_pages/techniques/T0147.002.md) | This report looks at how extremists exploit games and gaming adjacent platforms:
Ethnic Cleansing, a first-person shooter game created by the U.S. white supremacist organization National Alliance in 2002, was advertised as follows: “[T]he Race War has already begun. Your character, Will, runs through a ghetto blasting away at various blacks and spics to attempt to gain entrance to the subway system...where the jews have hidden to avoid the carnage. Then you get to blow away jews as they scream ‘Oy Vey!’ on your way to the command center.”
While games like Ethnic Cleansing —and others of a similar genocidal variety, including titles like Shoot the Blacks, Hatred, and Muslim Massacre —generate some press attention and controversy, they tend to be ignored by the large majority of gamers, who consider them “crude” and “badly designed.” Nevertheless, these games are still available in some corners of the Internet and have been downloaded by hundreds of thousands of users.
A second strategy involves the modification (“modding”) of existing video games to twist the narrative into an extremist message or fantasy. One example is the Islamic State terrorist group’s modding of the first-person shooter video game, ARMA III, to make Islamic fighters the heroic protagonists rather than the villains. With their powerful immersive quality, these video games have, in some instances, been effective at inspiring and allegedly training extremists to perpetrate realworld attacks.
Third, extremist actors have used in-game chat functions to open lines of communication with ideological sympathizers and potential recruits. Although the lack of in-game communication data has made it impossible for academic researchers to track the presence of extremists in a systematic way, there is enough anecdotal evidence—including evidence obtained from police investigation files—to infer that in-game chatrooms can and do function as “radicalization funnels” in at least some cases.
White supremacists created a game aligned with their ideology (T0147.001: Game Asset). The Islamic State terrorist group created a mod of the game ARMA 3 (T0151.015: Online Game Platform, T0147.002: Game Mod Asset). Extremists also use communication features available in online games to recruit new members. |
+| [T0151.015 Online Game Platform](../../generated_pages/techniques/T0151.015.md) | This report looks at how extremists exploit games and gaming adjacent platforms:
Ethnic Cleansing, a first-person shooter game created by the U.S. white supremacist organization National Alliance in 2002, was advertised as follows: “[T]he Race War has already begun. Your character, Will, runs through a ghetto blasting away at various blacks and spics to attempt to gain entrance to the subway system...where the jews have hidden to avoid the carnage. Then you get to blow away jews as they scream ‘Oy Vey!’ on your way to the command center.”
While games like Ethnic Cleansing —and others of a similar genocidal variety, including titles like Shoot the Blacks, Hatred, and Muslim Massacre —generate some press attention and controversy, they tend to be ignored by the large majority of gamers, who consider them “crude” and “badly designed.” Nevertheless, these games are still available in some corners of the Internet and have been downloaded by hundreds of thousands of users.
A second strategy involves the modification (“modding”) of existing video games to twist the narrative into an extremist message or fantasy. One example is the Islamic State terrorist group’s modding of the first-person shooter video game, ARMA III, to make Islamic fighters the heroic protagonists rather than the villains. With their powerful immersive quality, these video games have, in some instances, been effective at inspiring and allegedly training extremists to perpetrate realworld attacks.
Third, extremist actors have used in-game chat functions to open lines of communication with ideological sympathizers and potential recruits. Although the lack of in-game communication data has made it impossible for academic researchers to track the presence of extremists in a systematic way, there is enough anecdotal evidence—including evidence obtained from police investigation files—to infer that in-game chatrooms can and do function as “radicalization funnels” in at least some cases.
White supremacists created a game aligned with their ideology (T0147.001: Game Asset). The Islamic State terrorist group created a mod of the game ARMA 3 (T0151.015: Online Game Platform, T0147.002: Game Mod Asset). Extremists also use communication features available in online games to recruit new members. |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00099.md b/generated_pages/incidents/I00099.md
index 3bf560a..ac59eea 100644
--- a/generated_pages/incidents/I00099.md
+++ b/generated_pages/incidents/I00099.md
@@ -21,10 +21,10 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0086.002 Develop AI-Generated Images (Deepfakes)](../../generated_pages/techniques/T0086.002.md) | IT00000364 Last October, British writer Helen was alerted to a series of deepfakes on a porn site that appear to show her engaging in extreme acts of sexual violence. That night, the images replayed themselves over and over in horrific nightmares and she was gripped by an all-consuming feeling of dread. “It’s like you’re in a tunnel, going further and further into this enclosed space, where there’s no light,” she tells Vogue. This feeling pervaded Helen’s life. Whenever she left the house, she felt exposed. On runs, she experienced panic attacks. Helen still has no idea who did this to her.
[...]
Amnesty International has been investigating the effects of abuse against women on Twitter, specifically in relation to how they act online thereafter. According to the charity, abuse creates what they’ve called “the silencing effect” whereby women feel discouraged from participating online. The same can be said for victims of deepfakes.
Helen has never been afraid to use her voice, writing deeply personal accounts of postnatal depression. But the deepfakes created a feeling of shame so strong she thought she’d be carrying this “dirty secret” forever, and so she stopped writing.
[...]
Meanwhile, deepfake ‘communities’ are thriving. There are now dedicated sites, user-friendly apps and organised ‘request’ procedures. Some sites allow you to commission custom deepfakes for £25, while on others you can upload a woman’s image and a bot will strip her naked.
“This violation is not something that should be normalised,” says Gibi, an ASMR artist with 3.13 million YouTube subscribers. Gibi has given up trying to keep tabs on the deepfakes of her. For Gibi, the most egregious part of all of this is the fact that people are “profiting off my face, doing something that I didn’t consent to, like my suffering is your livelihood.” She’s even been approached by a company offering to remove the deepfakes — for £500 a video. This has to end. But how?
A website hosting pornographic content provided users the ability to create deepfake content (T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)).
Another website enabled users to commission custom deepfakes (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0086.002: Develop AI-Generated Images (Deepfakes), T0155.005: Paid Access Asset). |
-| [T0152.004 Website Asset](../../generated_pages/techniques/T0152.004.md) | IT00000365 Last October, British writer Helen was alerted to a series of deepfakes on a porn site that appear to show her engaging in extreme acts of sexual violence. That night, the images replayed themselves over and over in horrific nightmares and she was gripped by an all-consuming feeling of dread. “It’s like you’re in a tunnel, going further and further into this enclosed space, where there’s no light,” she tells Vogue. This feeling pervaded Helen’s life. Whenever she left the house, she felt exposed. On runs, she experienced panic attacks. Helen still has no idea who did this to her.
[...]
Amnesty International has been investigating the effects of abuse against women on Twitter, specifically in relation to how they act online thereafter. According to the charity, abuse creates what they’ve called “the silencing effect” whereby women feel discouraged from participating online. The same can be said for victims of deepfakes.
Helen has never been afraid to use her voice, writing deeply personal accounts of postnatal depression. But the deepfakes created a feeling of shame so strong she thought she’d be carrying this “dirty secret” forever, and so she stopped writing.
[...]
Meanwhile, deepfake ‘communities’ are thriving. There are now dedicated sites, user-friendly apps and organised ‘request’ procedures. Some sites allow you to commission custom deepfakes for £25, while on others you can upload a woman’s image and a bot will strip her naked.
“This violation is not something that should be normalised,” says Gibi, an ASMR artist with 3.13 million YouTube subscribers. Gibi has given up trying to keep tabs on the deepfakes of her. For Gibi, the most egregious part of all of this is the fact that people are “profiting off my face, doing something that I didn’t consent to, like my suffering is your livelihood.” She’s even been approached by a company offering to remove the deepfakes — for £500 a video. This has to end. But how?
A website hosting pornographic content provided users the ability to create deepfake content (T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)).
Another website enabled users to commission custom deepfakes (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0086.002: Develop AI-Generated Images (Deepfakes), T0155.005: Paid Access Asset). |
-| [T0154.002 AI Media Platform](../../generated_pages/techniques/T0154.002.md) | IT00000363 Last October, British writer Helen was alerted to a series of deepfakes on a porn site that appear to show her engaging in extreme acts of sexual violence. That night, the images replayed themselves over and over in horrific nightmares and she was gripped by an all-consuming feeling of dread. “It’s like you’re in a tunnel, going further and further into this enclosed space, where there’s no light,” she tells Vogue. This feeling pervaded Helen’s life. Whenever she left the house, she felt exposed. On runs, she experienced panic attacks. Helen still has no idea who did this to her.
[...]
Amnesty International has been investigating the effects of abuse against women on Twitter, specifically in relation to how they act online thereafter. According to the charity, abuse creates what they’ve called “the silencing effect” whereby women feel discouraged from participating online. The same can be said for victims of deepfakes.
Helen has never been afraid to use her voice, writing deeply personal accounts of postnatal depression. But the deepfakes created a feeling of shame so strong she thought she’d be carrying this “dirty secret” forever, and so she stopped writing.
[...]
Meanwhile, deepfake ‘communities’ are thriving. There are now dedicated sites, user-friendly apps and organised ‘request’ procedures. Some sites allow you to commission custom deepfakes for £25, while on others you can upload a woman’s image and a bot will strip her naked.
“This violation is not something that should be normalised,” says Gibi, an ASMR artist with 3.13 million YouTube subscribers. Gibi has given up trying to keep tabs on the deepfakes of her. For Gibi, the most egregious part of all of this is the fact that people are “profiting off my face, doing something that I didn’t consent to, like my suffering is your livelihood.” She’s even been approached by a company offering to remove the deepfakes — for £500 a video. This has to end. But how?
A website hosting pornographic content provided users the ability to create deepfake content (T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)).
Another website enabled users to commission custom deepfakes (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0086.002: Develop AI-Generated Images (Deepfakes), T0155.005: Paid Access Asset). |
-| [T0155.005 Paid Access Asset](../../generated_pages/techniques/T0155.005.md) | IT00000366 Last October, British writer Helen was alerted to a series of deepfakes on a porn site that appear to show her engaging in extreme acts of sexual violence. That night, the images replayed themselves over and over in horrific nightmares and she was gripped by an all-consuming feeling of dread. “It’s like you’re in a tunnel, going further and further into this enclosed space, where there’s no light,” she tells Vogue. This feeling pervaded Helen’s life. Whenever she left the house, she felt exposed. On runs, she experienced panic attacks. Helen still has no idea who did this to her.
[...]
Amnesty International has been investigating the effects of abuse against women on Twitter, specifically in relation to how they act online thereafter. According to the charity, abuse creates what they’ve called “the silencing effect” whereby women feel discouraged from participating online. The same can be said for victims of deepfakes.
Helen has never been afraid to use her voice, writing deeply personal accounts of postnatal depression. But the deepfakes created a feeling of shame so strong she thought she’d be carrying this “dirty secret” forever, and so she stopped writing.
[...]
Meanwhile, deepfake ‘communities’ are thriving. There are now dedicated sites, user-friendly apps and organised ‘request’ procedures. Some sites allow you to commission custom deepfakes for £25, while on others you can upload a woman’s image and a bot will strip her naked.
“This violation is not something that should be normalised,” says Gibi, an ASMR artist with 3.13 million YouTube subscribers. Gibi has given up trying to keep tabs on the deepfakes of her. For Gibi, the most egregious part of all of this is the fact that people are “profiting off my face, doing something that I didn’t consent to, like my suffering is your livelihood.” She’s even been approached by a company offering to remove the deepfakes — for £500 a video. This has to end. But how?
A website hosting pornographic content provided users the ability to create deepfake content (T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)).
Another website enabled users to commission custom deepfakes (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0086.002: Develop AI-Generated Images (Deepfakes), T0155.005: Paid Access Asset). |
+| [T0086.002 Develop AI-Generated Images (Deepfakes)](../../generated_pages/techniques/T0086.002.md) | Last October, British writer Helen was alerted to a series of deepfakes on a porn site that appear to show her engaging in extreme acts of sexual violence. That night, the images replayed themselves over and over in horrific nightmares and she was gripped by an all-consuming feeling of dread. “It’s like you’re in a tunnel, going further and further into this enclosed space, where there’s no light,” she tells Vogue. This feeling pervaded Helen’s life. Whenever she left the house, she felt exposed. On runs, she experienced panic attacks. Helen still has no idea who did this to her.
[...]
Amnesty International has been investigating the effects of abuse against women on Twitter, specifically in relation to how they act online thereafter. According to the charity, abuse creates what they’ve called “the silencing effect” whereby women feel discouraged from participating online. The same can be said for victims of deepfakes.
Helen has never been afraid to use her voice, writing deeply personal accounts of postnatal depression. But the deepfakes created a feeling of shame so strong she thought she’d be carrying this “dirty secret” forever, and so she stopped writing.
[...]
Meanwhile, deepfake ‘communities’ are thriving. There are now dedicated sites, user-friendly apps and organised ‘request’ procedures. Some sites allow you to commission custom deepfakes for £25, while on others you can upload a woman’s image and a bot will strip her naked.
“This violation is not something that should be normalised,” says Gibi, an ASMR artist with 3.13 million YouTube subscribers. Gibi has given up trying to keep tabs on the deepfakes of her. For Gibi, the most egregious part of all of this is the fact that people are “profiting off my face, doing something that I didn’t consent to, like my suffering is your livelihood.” She’s even been approached by a company offering to remove the deepfakes — for £500 a video. This has to end. But how?
A website hosting pornographic content provided users the ability to create deepfake content (T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)).
Another website enabled users to commission custom deepfakes (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0086.002: Develop AI-Generated Images (Deepfakes), T0155.005: Paid Access Asset). |
+| [T0152.004 Website Asset](../../generated_pages/techniques/T0152.004.md) | Last October, British writer Helen was alerted to a series of deepfakes on a porn site that appear to show her engaging in extreme acts of sexual violence. That night, the images replayed themselves over and over in horrific nightmares and she was gripped by an all-consuming feeling of dread. “It’s like you’re in a tunnel, going further and further into this enclosed space, where there’s no light,” she tells Vogue. This feeling pervaded Helen’s life. Whenever she left the house, she felt exposed. On runs, she experienced panic attacks. Helen still has no idea who did this to her.
[...]
Amnesty International has been investigating the effects of abuse against women on Twitter, specifically in relation to how they act online thereafter. According to the charity, abuse creates what they’ve called “the silencing effect” whereby women feel discouraged from participating online. The same can be said for victims of deepfakes.
Helen has never been afraid to use her voice, writing deeply personal accounts of postnatal depression. But the deepfakes created a feeling of shame so strong she thought she’d be carrying this “dirty secret” forever, and so she stopped writing.
[...]
Meanwhile, deepfake ‘communities’ are thriving. There are now dedicated sites, user-friendly apps and organised ‘request’ procedures. Some sites allow you to commission custom deepfakes for £25, while on others you can upload a woman’s image and a bot will strip her naked.
“This violation is not something that should be normalised,” says Gibi, an ASMR artist with 3.13 million YouTube subscribers. Gibi has given up trying to keep tabs on the deepfakes of her. For Gibi, the most egregious part of all of this is the fact that people are “profiting off my face, doing something that I didn’t consent to, like my suffering is your livelihood.” She’s even been approached by a company offering to remove the deepfakes — for £500 a video. This has to end. But how?
A website hosting pornographic content provided users the ability to create deepfake content (T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)).
Another website enabled users to commission custom deepfakes (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0086.002: Develop AI-Generated Images (Deepfakes), T0155.005: Paid Access Asset). |
+| [T0154.002 AI Media Platform](../../generated_pages/techniques/T0154.002.md) | Last October, British writer Helen was alerted to a series of deepfakes on a porn site that appear to show her engaging in extreme acts of sexual violence. That night, the images replayed themselves over and over in horrific nightmares and she was gripped by an all-consuming feeling of dread. “It’s like you’re in a tunnel, going further and further into this enclosed space, where there’s no light,” she tells Vogue. This feeling pervaded Helen’s life. Whenever she left the house, she felt exposed. On runs, she experienced panic attacks. Helen still has no idea who did this to her.
[...]
Amnesty International has been investigating the effects of abuse against women on Twitter, specifically in relation to how they act online thereafter. According to the charity, abuse creates what they’ve called “the silencing effect” whereby women feel discouraged from participating online. The same can be said for victims of deepfakes.
Helen has never been afraid to use her voice, writing deeply personal accounts of postnatal depression. But the deepfakes created a feeling of shame so strong she thought she’d be carrying this “dirty secret” forever, and so she stopped writing.
[...]
Meanwhile, deepfake ‘communities’ are thriving. There are now dedicated sites, user-friendly apps and organised ‘request’ procedures. Some sites allow you to commission custom deepfakes for £25, while on others you can upload a woman’s image and a bot will strip her naked.
“This violation is not something that should be normalised,” says Gibi, an ASMR artist with 3.13 million YouTube subscribers. Gibi has given up trying to keep tabs on the deepfakes of her. For Gibi, the most egregious part of all of this is the fact that people are “profiting off my face, doing something that I didn’t consent to, like my suffering is your livelihood.” She’s even been approached by a company offering to remove the deepfakes — for £500 a video. This has to end. But how?
A website hosting pornographic content provided users the ability to create deepfake content (T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)).
Another website enabled users to commission custom deepfakes (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0086.002: Develop AI-Generated Images (Deepfakes), T0155.005: Paid Access Asset). |
+| [T0155.005 Paid Access Asset](../../generated_pages/techniques/T0155.005.md) | Last October, British writer Helen was alerted to a series of deepfakes on a porn site that appear to show her engaging in extreme acts of sexual violence. That night, the images replayed themselves over and over in horrific nightmares and she was gripped by an all-consuming feeling of dread. “It’s like you’re in a tunnel, going further and further into this enclosed space, where there’s no light,” she tells Vogue. This feeling pervaded Helen’s life. Whenever she left the house, she felt exposed. On runs, she experienced panic attacks. Helen still has no idea who did this to her.
[...]
Amnesty International has been investigating the effects of abuse against women on Twitter, specifically in relation to how they act online thereafter. According to the charity, abuse creates what they’ve called “the silencing effect” whereby women feel discouraged from participating online. The same can be said for victims of deepfakes.
Helen has never been afraid to use her voice, writing deeply personal accounts of postnatal depression. But the deepfakes created a feeling of shame so strong she thought she’d be carrying this “dirty secret” forever, and so she stopped writing.
[...]
Meanwhile, deepfake ‘communities’ are thriving. There are now dedicated sites, user-friendly apps and organised ‘request’ procedures. Some sites allow you to commission custom deepfakes for £25, while on others you can upload a woman’s image and a bot will strip her naked.
“This violation is not something that should be normalised,” says Gibi, an ASMR artist with 3.13 million YouTube subscribers. Gibi has given up trying to keep tabs on the deepfakes of her. For Gibi, the most egregious part of all of this is the fact that people are “profiting off my face, doing something that I didn’t consent to, like my suffering is your livelihood.” She’s even been approached by a company offering to remove the deepfakes — for £500 a video. This has to end. But how?
A website hosting pornographic content provided users the ability to create deepfake content (T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)).
Another website enabled users to commission custom deepfakes (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0086.002: Develop AI-Generated Images (Deepfakes), T0155.005: Paid Access Asset). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00100.md b/generated_pages/incidents/I00100.md
index 874341a..7e8afb9 100644
--- a/generated_pages/incidents/I00100.md
+++ b/generated_pages/incidents/I00100.md
@@ -21,9 +21,9 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0086.002 Develop AI-Generated Images (Deepfakes)](../../generated_pages/techniques/T0086.002.md) | IT00000369 You might have heard about the recent viral sensation, ThisPersonDoesNotExist.com, a website, launched two weeks ago, that uses Nvidia’s publicly available artificial intelligence technology to draw an invented, photo-realistic human being with each refresh. The tech is impressive and artistically evocative. It’s also irresponsible and needs to be restricted immediately.
[...]
Prior to this technology, scammers faced three major risks when using fake photos. Each of these risks had the potential to put them out business, or in jail.
Risk #1: Someone recognizes the photo. While the odds of this are long-shot, it does happen.
Risk #2: Someone reverse image searches the photo with a service like TinEye or Google Image Search and finds that it’s been posted elsewhere. Reverse image search is one of the top anti-fraud measures recommended by consumer protection advocates.
Risk #3: If the crime is successful, law enforcement uses the fake photo to figure out the scammer’s identity after the fact. Perhaps the scammer used an old classmate’s photo. Perhaps their personal account follows the Instagram member they pilfered. And so on: people make mistakes.
The problem with AI-generated photos is that they carry none of these risks. No one will recognize a human who’s never existed before. Google Image Search will return 0 results, possibly instilling a false sense of security in the searcher. And AI-generated photos don’t give law enforcement much to work with.
ThisPersonDoesNotExist is an online platform which, when visited, produces AI generated images of peoples’ faces (T0146.006: Open Access Platform, T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)). |
-| [T0146.006 Open Access Platform](../../generated_pages/techniques/T0146.006.md) | IT00000367 You might have heard about the recent viral sensation, ThisPersonDoesNotExist.com, a website, launched two weeks ago, that uses Nvidia’s publicly available artificial intelligence technology to draw an invented, photo-realistic human being with each refresh. The tech is impressive and artistically evocative. It’s also irresponsible and needs to be restricted immediately.
[...]
Prior to this technology, scammers faced three major risks when using fake photos. Each of these risks had the potential to put them out business, or in jail.
Risk #1: Someone recognizes the photo. While the odds of this are long-shot, it does happen.
Risk #2: Someone reverse image searches the photo with a service like TinEye or Google Image Search and finds that it’s been posted elsewhere. Reverse image search is one of the top anti-fraud measures recommended by consumer protection advocates.
Risk #3: If the crime is successful, law enforcement uses the fake photo to figure out the scammer’s identity after the fact. Perhaps the scammer used an old classmate’s photo. Perhaps their personal account follows the Instagram member they pilfered. And so on: people make mistakes.
The problem with AI-generated photos is that they carry none of these risks. No one will recognize a human who’s never existed before. Google Image Search will return 0 results, possibly instilling a false sense of security in the searcher. And AI-generated photos don’t give law enforcement much to work with.
ThisPersonDoesNotExist is an online platform which, when visited, produces AI generated images of peoples’ faces (T0146.006: Open Access Platform, T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)). |
-| [T0154.002 AI Media Platform](../../generated_pages/techniques/T0154.002.md) | IT00000368 You might have heard about the recent viral sensation, ThisPersonDoesNotExist.com, a website, launched two weeks ago, that uses Nvidia’s publicly available artificial intelligence technology to draw an invented, photo-realistic human being with each refresh. The tech is impressive and artistically evocative. It’s also irresponsible and needs to be restricted immediately.
[...]
Prior to this technology, scammers faced three major risks when using fake photos. Each of these risks had the potential to put them out business, or in jail.
Risk #1: Someone recognizes the photo. While the odds of this are long-shot, it does happen.
Risk #2: Someone reverse image searches the photo with a service like TinEye or Google Image Search and finds that it’s been posted elsewhere. Reverse image search is one of the top anti-fraud measures recommended by consumer protection advocates.
Risk #3: If the crime is successful, law enforcement uses the fake photo to figure out the scammer’s identity after the fact. Perhaps the scammer used an old classmate’s photo. Perhaps their personal account follows the Instagram member they pilfered. And so on: people make mistakes.
The problem with AI-generated photos is that they carry none of these risks. No one will recognize a human who’s never existed before. Google Image Search will return 0 results, possibly instilling a false sense of security in the searcher. And AI-generated photos don’t give law enforcement much to work with.
ThisPersonDoesNotExist is an online platform which, when visited, produces AI generated images of peoples’ faces (T0146.006: Open Access Platform, T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)). |
+| [T0086.002 Develop AI-Generated Images (Deepfakes)](../../generated_pages/techniques/T0086.002.md) | You might have heard about the recent viral sensation, ThisPersonDoesNotExist.com, a website, launched two weeks ago, that uses Nvidia’s publicly available artificial intelligence technology to draw an invented, photo-realistic human being with each refresh. The tech is impressive and artistically evocative. It’s also irresponsible and needs to be restricted immediately.
[...]
Prior to this technology, scammers faced three major risks when using fake photos. Each of these risks had the potential to put them out business, or in jail.
Risk #1: Someone recognizes the photo. While the odds of this are long-shot, it does happen.
Risk #2: Someone reverse image searches the photo with a service like TinEye or Google Image Search and finds that it’s been posted elsewhere. Reverse image search is one of the top anti-fraud measures recommended by consumer protection advocates.
Risk #3: If the crime is successful, law enforcement uses the fake photo to figure out the scammer’s identity after the fact. Perhaps the scammer used an old classmate’s photo. Perhaps their personal account follows the Instagram member they pilfered. And so on: people make mistakes.
The problem with AI-generated photos is that they carry none of these risks. No one will recognize a human who’s never existed before. Google Image Search will return 0 results, possibly instilling a false sense of security in the searcher. And AI-generated photos don’t give law enforcement much to work with.
ThisPersonDoesNotExist is an online platform which, when visited, produces AI generated images of peoples’ faces (T0146.006: Open Access Platform, T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)). |
+| [T0146.006 Open Access Platform](../../generated_pages/techniques/T0146.006.md) | You might have heard about the recent viral sensation, ThisPersonDoesNotExist.com, a website, launched two weeks ago, that uses Nvidia’s publicly available artificial intelligence technology to draw an invented, photo-realistic human being with each refresh. The tech is impressive and artistically evocative. It’s also irresponsible and needs to be restricted immediately.
[...]
Prior to this technology, scammers faced three major risks when using fake photos. Each of these risks had the potential to put them out business, or in jail.
Risk #1: Someone recognizes the photo. While the odds of this are long-shot, it does happen.
Risk #2: Someone reverse image searches the photo with a service like TinEye or Google Image Search and finds that it’s been posted elsewhere. Reverse image search is one of the top anti-fraud measures recommended by consumer protection advocates.
Risk #3: If the crime is successful, law enforcement uses the fake photo to figure out the scammer’s identity after the fact. Perhaps the scammer used an old classmate’s photo. Perhaps their personal account follows the Instagram member they pilfered. And so on: people make mistakes.
The problem with AI-generated photos is that they carry none of these risks. No one will recognize a human who’s never existed before. Google Image Search will return 0 results, possibly instilling a false sense of security in the searcher. And AI-generated photos don’t give law enforcement much to work with.
ThisPersonDoesNotExist is an online platform which, when visited, produces AI generated images of peoples’ faces (T0146.006: Open Access Platform, T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)). |
+| [T0154.002 AI Media Platform](../../generated_pages/techniques/T0154.002.md) | You might have heard about the recent viral sensation, ThisPersonDoesNotExist.com, a website, launched two weeks ago, that uses Nvidia’s publicly available artificial intelligence technology to draw an invented, photo-realistic human being with each refresh. The tech is impressive and artistically evocative. It’s also irresponsible and needs to be restricted immediately.
[...]
Prior to this technology, scammers faced three major risks when using fake photos. Each of these risks had the potential to put them out business, or in jail.
Risk #1: Someone recognizes the photo. While the odds of this are long-shot, it does happen.
Risk #2: Someone reverse image searches the photo with a service like TinEye or Google Image Search and finds that it’s been posted elsewhere. Reverse image search is one of the top anti-fraud measures recommended by consumer protection advocates.
Risk #3: If the crime is successful, law enforcement uses the fake photo to figure out the scammer’s identity after the fact. Perhaps the scammer used an old classmate’s photo. Perhaps their personal account follows the Instagram member they pilfered. And so on: people make mistakes.
The problem with AI-generated photos is that they carry none of these risks. No one will recognize a human who’s never existed before. Google Image Search will return 0 results, possibly instilling a false sense of security in the searcher. And AI-generated photos don’t give law enforcement much to work with.
ThisPersonDoesNotExist is an online platform which, when visited, produces AI generated images of peoples’ faces (T0146.006: Open Access Platform, T0154.002: AI Media Platform, T0086.002: Develop AI-Generated Images (Deepfakes)). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00101.md b/generated_pages/incidents/I00101.md
index af73bfe..1dbc135 100644
--- a/generated_pages/incidents/I00101.md
+++ b/generated_pages/incidents/I00101.md
@@ -21,10 +21,10 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0124 Suppress Opposition](../../generated_pages/techniques/T0124.md) | IT00000373 This report looks at changes content posted to communities on Reddit (called Subreddits) after teams of voluntary moderators are replaced with what appear to be pro-Russian voices:
The r/antiwar subreddit appears to be a very recent takeover target. With 12,900 members it is not the largest community on Reddit, but this does place it squarely within the top 5% of all communities in terms of membership.
Three months ago a new moderator team was instated by subreddit head u/democracy101. Any posts documenting Russian aggression in Ukraine are now swiftly removed, while the board has been flooded with posts about how Ukraine is losing, or how American “neocons wrecked” the country.
The pinned post from moderator u/n0ahbody proclaims: “People who call for an end to Russian aggressions but not the Western aggressions Russia is reacting to don’t really want peace.” This user takes the view that any negative opinion about Russia is “shaped by what the fanatically Russophobic MSM wants you to think,” and that the United States is not threatened by its neighbors. Russia is.”
When u/n0ahbody took over the sub, the user posted a triumphant and vitriolic diatribe in another pro-Russia subreddit with some 33,500 members, r/EndlessWar. “We are making progress. We are purging the sub of all NAFO and NAFO-adjacent elements. Hundreds of them have been banned over the last 24 hours for various rule infractions, for being NAFO or NAFO-adjacent,” the user said, referencing the grassroots, pro-Ukrainian North Atlantic Fella Organization (NAFO) meme movement.
Several former users have reported they have indeed been banned from r/antiwar since the change in moderators. “If this subreddit cannot be explicitly against the invasion of Ukraine it will never truly be anti-war,” wrote one user Halcyon_Rein, in the antiwar subreddit on September 6. They then edited the post to say, “Edit: btw, I got f**king banned for this 💀💀💀”
A community hosted on Reddit was taken over by new moderators (T0151.011: Community Sub-Forum, T0150.005: Compromised Asset). These moderators removed content posted to the community which favoured Ukraine over Russia (T0146.004: Administrator Account Asset, T0151.011: Community Sub-Forum, T0124: Suppress Opposition). |
-| [T0146.004 Administrator Account Asset](../../generated_pages/techniques/T0146.004.md) | IT00000372 This report looks at changes content posted to communities on Reddit (called Subreddits) after teams of voluntary moderators are replaced with what appear to be pro-Russian voices:
The r/antiwar subreddit appears to be a very recent takeover target. With 12,900 members it is not the largest community on Reddit, but this does place it squarely within the top 5% of all communities in terms of membership.
Three months ago a new moderator team was instated by subreddit head u/democracy101. Any posts documenting Russian aggression in Ukraine are now swiftly removed, while the board has been flooded with posts about how Ukraine is losing, or how American “neocons wrecked” the country.
The pinned post from moderator u/n0ahbody proclaims: “People who call for an end to Russian aggressions but not the Western aggressions Russia is reacting to don’t really want peace.” This user takes the view that any negative opinion about Russia is “shaped by what the fanatically Russophobic MSM wants you to think,” and that the United States is not threatened by its neighbors. Russia is.”
When u/n0ahbody took over the sub, the user posted a triumphant and vitriolic diatribe in another pro-Russia subreddit with some 33,500 members, r/EndlessWar. “We are making progress. We are purging the sub of all NAFO and NAFO-adjacent elements. Hundreds of them have been banned over the last 24 hours for various rule infractions, for being NAFO or NAFO-adjacent,” the user said, referencing the grassroots, pro-Ukrainian North Atlantic Fella Organization (NAFO) meme movement.
Several former users have reported they have indeed been banned from r/antiwar since the change in moderators. “If this subreddit cannot be explicitly against the invasion of Ukraine it will never truly be anti-war,” wrote one user Halcyon_Rein, in the antiwar subreddit on September 6. They then edited the post to say, “Edit: btw, I got f**king banned for this 💀💀💀”
A community hosted on Reddit was taken over by new moderators (T0151.011: Community Sub-Forum, T0150.005: Compromised Asset). These moderators removed content posted to the community which favoured Ukraine over Russia (T0146.004: Administrator Account Asset, T0151.011: Community Sub-Forum, T0124: Suppress Opposition). |
-| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) | IT00000371 This report looks at changes content posted to communities on Reddit (called Subreddits) after teams of voluntary moderators are replaced with what appear to be pro-Russian voices:
The r/antiwar subreddit appears to be a very recent takeover target. With 12,900 members it is not the largest community on Reddit, but this does place it squarely within the top 5% of all communities in terms of membership.
Three months ago a new moderator team was instated by subreddit head u/democracy101. Any posts documenting Russian aggression in Ukraine are now swiftly removed, while the board has been flooded with posts about how Ukraine is losing, or how American “neocons wrecked” the country.
The pinned post from moderator u/n0ahbody proclaims: “People who call for an end to Russian aggressions but not the Western aggressions Russia is reacting to don’t really want peace.” This user takes the view that any negative opinion about Russia is “shaped by what the fanatically Russophobic MSM wants you to think,” and that the United States is not threatened by its neighbors. Russia is.”
When u/n0ahbody took over the sub, the user posted a triumphant and vitriolic diatribe in another pro-Russia subreddit with some 33,500 members, r/EndlessWar. “We are making progress. We are purging the sub of all NAFO and NAFO-adjacent elements. Hundreds of them have been banned over the last 24 hours for various rule infractions, for being NAFO or NAFO-adjacent,” the user said, referencing the grassroots, pro-Ukrainian North Atlantic Fella Organization (NAFO) meme movement.
Several former users have reported they have indeed been banned from r/antiwar since the change in moderators. “If this subreddit cannot be explicitly against the invasion of Ukraine it will never truly be anti-war,” wrote one user Halcyon_Rein, in the antiwar subreddit on September 6. They then edited the post to say, “Edit: btw, I got f**king banned for this 💀💀💀”
A community hosted on Reddit was taken over by new moderators (T0151.011: Community Sub-Forum, T0150.005: Compromised Asset). These moderators removed content posted to the community which favoured Ukraine over Russia (T0146.004: Administrator Account Asset, T0151.011: Community Sub-Forum, T0124: Suppress Opposition). |
-| [T0151.011 Community Sub-Forum](../../generated_pages/techniques/T0151.011.md) | IT00000370 This report looks at changes content posted to communities on Reddit (called Subreddits) after teams of voluntary moderators are replaced with what appear to be pro-Russian voices:
The r/antiwar subreddit appears to be a very recent takeover target. With 12,900 members it is not the largest community on Reddit, but this does place it squarely within the top 5% of all communities in terms of membership.
Three months ago a new moderator team was instated by subreddit head u/democracy101. Any posts documenting Russian aggression in Ukraine are now swiftly removed, while the board has been flooded with posts about how Ukraine is losing, or how American “neocons wrecked” the country.
The pinned post from moderator u/n0ahbody proclaims: “People who call for an end to Russian aggressions but not the Western aggressions Russia is reacting to don’t really want peace.” This user takes the view that any negative opinion about Russia is “shaped by what the fanatically Russophobic MSM wants you to think,” and that the United States is not threatened by its neighbors. Russia is.”
When u/n0ahbody took over the sub, the user posted a triumphant and vitriolic diatribe in another pro-Russia subreddit with some 33,500 members, r/EndlessWar. “We are making progress. We are purging the sub of all NAFO and NAFO-adjacent elements. Hundreds of them have been banned over the last 24 hours for various rule infractions, for being NAFO or NAFO-adjacent,” the user said, referencing the grassroots, pro-Ukrainian North Atlantic Fella Organization (NAFO) meme movement.
Several former users have reported they have indeed been banned from r/antiwar since the change in moderators. “If this subreddit cannot be explicitly against the invasion of Ukraine it will never truly be anti-war,” wrote one user Halcyon_Rein, in the antiwar subreddit on September 6. They then edited the post to say, “Edit: btw, I got f**king banned for this 💀💀💀”
A community hosted on Reddit was taken over by new moderators (T0151.011: Community Sub-Forum, T0150.005: Compromised Asset). These moderators removed content posted to the community which favoured Ukraine over Russia (T0146.004: Administrator Account Asset, T0151.011: Community Sub-Forum, T0124: Suppress Opposition). |
+| [T0124 Suppress Opposition](../../generated_pages/techniques/T0124.md) | This report looks at changes content posted to communities on Reddit (called Subreddits) after teams of voluntary moderators are replaced with what appear to be pro-Russian voices:
The r/antiwar subreddit appears to be a very recent takeover target. With 12,900 members it is not the largest community on Reddit, but this does place it squarely within the top 5% of all communities in terms of membership.
Three months ago a new moderator team was instated by subreddit head u/democracy101. Any posts documenting Russian aggression in Ukraine are now swiftly removed, while the board has been flooded with posts about how Ukraine is losing, or how American “neocons wrecked” the country.
The pinned post from moderator u/n0ahbody proclaims: “People who call for an end to Russian aggressions but not the Western aggressions Russia is reacting to don’t really want peace.” This user takes the view that any negative opinion about Russia is “shaped by what the fanatically Russophobic MSM wants you to think,” and that the United States is not threatened by its neighbors. Russia is.”
When u/n0ahbody took over the sub, the user posted a triumphant and vitriolic diatribe in another pro-Russia subreddit with some 33,500 members, r/EndlessWar. “We are making progress. We are purging the sub of all NAFO and NAFO-adjacent elements. Hundreds of them have been banned over the last 24 hours for various rule infractions, for being NAFO or NAFO-adjacent,” the user said, referencing the grassroots, pro-Ukrainian North Atlantic Fella Organization (NAFO) meme movement.
Several former users have reported they have indeed been banned from r/antiwar since the change in moderators. “If this subreddit cannot be explicitly against the invasion of Ukraine it will never truly be anti-war,” wrote one user Halcyon_Rein, in the antiwar subreddit on September 6. They then edited the post to say, “Edit: btw, I got f**king banned for this 💀💀💀”
A community hosted on Reddit was taken over by new moderators (T0151.011: Community Sub-Forum, T0150.005: Compromised Asset). These moderators removed content posted to the community which favoured Ukraine over Russia (T0146.004: Administrator Account Asset, T0151.011: Community Sub-Forum, T0124: Suppress Opposition). |
+| [T0146.004 Administrator Account Asset](../../generated_pages/techniques/T0146.004.md) | This report looks at changes content posted to communities on Reddit (called Subreddits) after teams of voluntary moderators are replaced with what appear to be pro-Russian voices:
The r/antiwar subreddit appears to be a very recent takeover target. With 12,900 members it is not the largest community on Reddit, but this does place it squarely within the top 5% of all communities in terms of membership.
Three months ago a new moderator team was instated by subreddit head u/democracy101. Any posts documenting Russian aggression in Ukraine are now swiftly removed, while the board has been flooded with posts about how Ukraine is losing, or how American “neocons wrecked” the country.
The pinned post from moderator u/n0ahbody proclaims: “People who call for an end to Russian aggressions but not the Western aggressions Russia is reacting to don’t really want peace.” This user takes the view that any negative opinion about Russia is “shaped by what the fanatically Russophobic MSM wants you to think,” and that the United States is not threatened by its neighbors. Russia is.”
When u/n0ahbody took over the sub, the user posted a triumphant and vitriolic diatribe in another pro-Russia subreddit with some 33,500 members, r/EndlessWar. “We are making progress. We are purging the sub of all NAFO and NAFO-adjacent elements. Hundreds of them have been banned over the last 24 hours for various rule infractions, for being NAFO or NAFO-adjacent,” the user said, referencing the grassroots, pro-Ukrainian North Atlantic Fella Organization (NAFO) meme movement.
Several former users have reported they have indeed been banned from r/antiwar since the change in moderators. “If this subreddit cannot be explicitly against the invasion of Ukraine it will never truly be anti-war,” wrote one user Halcyon_Rein, in the antiwar subreddit on September 6. They then edited the post to say, “Edit: btw, I got f**king banned for this 💀💀💀”
A community hosted on Reddit was taken over by new moderators (T0151.011: Community Sub-Forum, T0150.005: Compromised Asset). These moderators removed content posted to the community which favoured Ukraine over Russia (T0146.004: Administrator Account Asset, T0151.011: Community Sub-Forum, T0124: Suppress Opposition). |
+| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) | This report looks at changes content posted to communities on Reddit (called Subreddits) after teams of voluntary moderators are replaced with what appear to be pro-Russian voices:
The r/antiwar subreddit appears to be a very recent takeover target. With 12,900 members it is not the largest community on Reddit, but this does place it squarely within the top 5% of all communities in terms of membership.
Three months ago a new moderator team was instated by subreddit head u/democracy101. Any posts documenting Russian aggression in Ukraine are now swiftly removed, while the board has been flooded with posts about how Ukraine is losing, or how American “neocons wrecked” the country.
The pinned post from moderator u/n0ahbody proclaims: “People who call for an end to Russian aggressions but not the Western aggressions Russia is reacting to don’t really want peace.” This user takes the view that any negative opinion about Russia is “shaped by what the fanatically Russophobic MSM wants you to think,” and that the United States is not threatened by its neighbors. Russia is.”
When u/n0ahbody took over the sub, the user posted a triumphant and vitriolic diatribe in another pro-Russia subreddit with some 33,500 members, r/EndlessWar. “We are making progress. We are purging the sub of all NAFO and NAFO-adjacent elements. Hundreds of them have been banned over the last 24 hours for various rule infractions, for being NAFO or NAFO-adjacent,” the user said, referencing the grassroots, pro-Ukrainian North Atlantic Fella Organization (NAFO) meme movement.
Several former users have reported they have indeed been banned from r/antiwar since the change in moderators. “If this subreddit cannot be explicitly against the invasion of Ukraine it will never truly be anti-war,” wrote one user Halcyon_Rein, in the antiwar subreddit on September 6. They then edited the post to say, “Edit: btw, I got f**king banned for this 💀💀💀”
A community hosted on Reddit was taken over by new moderators (T0151.011: Community Sub-Forum, T0150.005: Compromised Asset). These moderators removed content posted to the community which favoured Ukraine over Russia (T0146.004: Administrator Account Asset, T0151.011: Community Sub-Forum, T0124: Suppress Opposition). |
+| [T0151.011 Community Sub-Forum](../../generated_pages/techniques/T0151.011.md) | This report looks at changes content posted to communities on Reddit (called Subreddits) after teams of voluntary moderators are replaced with what appear to be pro-Russian voices:
The r/antiwar subreddit appears to be a very recent takeover target. With 12,900 members it is not the largest community on Reddit, but this does place it squarely within the top 5% of all communities in terms of membership.
Three months ago a new moderator team was instated by subreddit head u/democracy101. Any posts documenting Russian aggression in Ukraine are now swiftly removed, while the board has been flooded with posts about how Ukraine is losing, or how American “neocons wrecked” the country.
The pinned post from moderator u/n0ahbody proclaims: “People who call for an end to Russian aggressions but not the Western aggressions Russia is reacting to don’t really want peace.” This user takes the view that any negative opinion about Russia is “shaped by what the fanatically Russophobic MSM wants you to think,” and that the United States is not threatened by its neighbors. Russia is.”
When u/n0ahbody took over the sub, the user posted a triumphant and vitriolic diatribe in another pro-Russia subreddit with some 33,500 members, r/EndlessWar. “We are making progress. We are purging the sub of all NAFO and NAFO-adjacent elements. Hundreds of them have been banned over the last 24 hours for various rule infractions, for being NAFO or NAFO-adjacent,” the user said, referencing the grassroots, pro-Ukrainian North Atlantic Fella Organization (NAFO) meme movement.
Several former users have reported they have indeed been banned from r/antiwar since the change in moderators. “If this subreddit cannot be explicitly against the invasion of Ukraine it will never truly be anti-war,” wrote one user Halcyon_Rein, in the antiwar subreddit on September 6. They then edited the post to say, “Edit: btw, I got f**king banned for this 💀💀💀”
A community hosted on Reddit was taken over by new moderators (T0151.011: Community Sub-Forum, T0150.005: Compromised Asset). These moderators removed content posted to the community which favoured Ukraine over Russia (T0146.004: Administrator Account Asset, T0151.011: Community Sub-Forum, T0124: Suppress Opposition). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00102.md b/generated_pages/incidents/I00102.md
index ac142a4..5b23ac2 100644
--- a/generated_pages/incidents/I00102.md
+++ b/generated_pages/incidents/I00102.md
@@ -21,16 +21,16 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0084.004 Appropriate Content](../../generated_pages/techniques/T0084.004.md) | IT00000377 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
-| [T0085.004 Develop Document](../../generated_pages/techniques/T0085.004.md) | IT00000378 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
-| [T0101 Create Localised Content](../../generated_pages/techniques/T0101.md) | IT00000375 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
-| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | IT00000382 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
-| [T0129.006 Deny Involvement](../../generated_pages/techniques/T0129.006.md) | IT00000383 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
-| [T0146.006 Open Access Platform](../../generated_pages/techniques/T0146.006.md) | IT00000376 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
-| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | IT00000381 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
-| [T0151.012 Image Board Platform](../../generated_pages/techniques/T0151.012.md) | IT00000374 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
-| [T0152.005 Paste Platform](../../generated_pages/techniques/T0152.005.md) | IT00000380 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
-| [T0152.010 File Hosting Platform](../../generated_pages/techniques/T0152.010.md) | IT00000379 On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0084.004 Appropriate Content](../../generated_pages/techniques/T0084.004.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0085.004 Develop Document](../../generated_pages/techniques/T0085.004.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0101 Create Localised Content](../../generated_pages/techniques/T0101.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0129.006 Deny Involvement](../../generated_pages/techniques/T0129.006.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0146.006 Open Access Platform](../../generated_pages/techniques/T0146.006.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0151.012 Image Board Platform](../../generated_pages/techniques/T0151.012.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0152.005 Paste Platform](../../generated_pages/techniques/T0152.005.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
+| [T0152.010 File Hosting Platform](../../generated_pages/techniques/T0152.010.md) | On April 27, 2019, at around 11:30 a.m. local time, a young man with a semi-automatic rifle walked into the Chabad of Poway Synagogue in Poway, California. He opened fire, killing one worshipper and wounding three others. In the hours since the shooting, a manifesto, believed to be written by the shooter, began circulating online. Evidence has also surfaced that, like the Christchurch Mosque shooter, this killer began his rampage with a post on 8chan’s /pol/ board.
Although both of these attacks may seem different, since they targeted worshippers of different faiths, both shooters were united by the same fascist ideology. They were also both radicalized in the same place: 8chan’s /pol/ board.
This has been corroborated by posts on the board itself, where “anons,” as the posters call themselves, recirculated the shooter’s since-deleted post. In it, the alleged shooter claims to have been “lurking” on the site for a year and a half. He includes a link to a livestream of his rampage — which thankfully does not appear to have worked — and he also includes a pastebin link to his manifesto.
The very first response to his announcement was another anon cheering him on and telling him to “get the high score,” AKA, kill a huge number of people.
Before carrying out a mass shooting, the shooter posted a thread to 8chan’s /pol/ board. The post directed users to a variety of different platforms (T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms); a Facebook account on which the shooter attempted to livestream the shooting (T0146: Account Asset, T0151.001: Social Media Platform); and a manifesto they had written hosted on pastebin (T0146.006: Open Access Platform, T0152.005: Paste Platform, T0115: Post Content) and uploaded to the file sharing platform Mediafire (T0152.010: File Hosting Platform, T0085.004: Develop Document).
The report looks deeper into 8chan’s /pol/ board:
8chan is a large website, which includes a number of different discussion groups about everything from anime to left-wing politics. /pol/ is one particularly active board on the website, and it is best described as a gathering place for extremely online neo-Nazis.
[...]
I’ve browsed /pol/ on an almost daily basis since the Christchurch shooting. It has not been difficult to find calls for violence. On Monday, March 25 of this year, I ran across evidence of anons translating the Christchurch shooter’s manifesto into other languages in an attempt to inspire more shootings across the globe.
This tactic can work, and today’s shooting is proof. The Poway Synagogue shooter directly cited the Christchurch shooter as his inspiration, saying he decided to carry out his attack roughly two weeks after that shooting. On /pol/, many anons refer to the Christchurch shooter, Brenton Tarrant, as “Saint Tarrant,” complete with medieval-inspired iconography.
Manifestos posted to 8chan are translated and reshared by other platform users (T0101: Create Localised Content, T0146.006: Open Access Platform, T0151.012: Image Board Platform, T0115: Post Content, T0084.004: Appropriate Content).
When I began looking through /pol/ right after the Poway Synagogue shooting, I came across several claims that the shootings had been a “false flag” aimed at making the message board look bad.
When Bellingcat tweeted out a warning about shitposting and the shooter’s manifesto, in the immediate wake of the attack, probable anons even commented on the Tweet in an attempt to deny that a channer had been behind the attack.
This is a recognizable pattern that occurs in the wake of any crimes committed by members of the board. While the initial response to the Christchurch shooter’s massacre thread was riotous glee, in the days after the shooting many anons began to claim the attack had been a false flag. This actually sparked significant division and debate between the members of /pol/. In the below image, a user mocks other anons for being unable to “believe something in your favor is real.” Another anon responds, “As the evidence comes out, its [sic] quite clear that this was a false flag.”
In his manifesto, the Poway Synagogue shooter even weighed in on this debate, accusing other anons who called the Christchurch and Tree of Life Synagogue shootings “false flags” to merely have been scared: “They can’t fathom that there are brave White men alive who have the willpower and courage it takes to say, ‘Fuck my life—I’m willing to sacrifice everything for the benefit of my race.’”
Platform users deny that their platform has been used by mass shooters to publish their manifestos (T0129.006: Deny Involvement). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00103.md b/generated_pages/incidents/I00103.md
index 15bca28..0eb4e30 100644
--- a/generated_pages/incidents/I00103.md
+++ b/generated_pages/incidents/I00103.md
@@ -21,10 +21,10 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0088.001 Develop AI-Generated Audio (Deepfakes)](../../generated_pages/techniques/T0088.001.md) | IT00000385 “I seriously don't understand why I have to constantly put up with these dumbasses here every day.”
So began what appeared to be a long tirade from the principal of Pikesville High School, punctuated with racist, antisemitic and offensive tropes. It sounded like it had been secretly recorded.
The speaker went on to bemoan “ungrateful black kids” and Jewish people in the community.
The clip, first posted in [January 2024], went viral nationally. But it really struck a nerve in the peaceful, leafy suburb of Pikesville, which has large black and Jewish populations, and in the nearby city of Baltimore, Maryland. Principal Eric Eiswert was put on paid administrative leave pending an investigation.
[...]
But what those sharing the clip didn’t realise at the time was that another bombshell was about to drop: the clip was an AI-generated fake.
[...]
[In April 2024], Baltimore Police Chief Robert McCullough confirmed they now had “conclusive evidence that the recording was not authentic”.
And they believed they knew who made the fake.
Police charged 31-year-old Dazhon Darien, the school’s athletics director, with several counts related to the fake video. Charges included theft, retaliating against a witness and stalking.
He was arrested at the airport, where police say he was planning to fly to Houston, Texas.
Police say that Mr Darien had been under investigation by Principal Eiswert over an alleged theft of $1,916 (£1,460) from the school. They also allege there had been “work performance challenges” and his contract was likely not to be renewed.
Their theory was that by creating the deepfake recording, he hoped to discredit the principal before he could be fired.
Investigators say they traced an email used to send the original video to a server connected to Mr Darien, and allege that he used Baltimore County Public Schools' computer network to access AI tools. He is due to stand trial in December 2024.
By associating Mr Darien to the server used to email the original AI generated audio, investigators link Darien to the fabricated content (T0149.005: Server Asset, T0088.001: AI Generated Audio (Deepfakes)). They also assert that Darien used computers owned by the school to access platforms used to generate the audio (T0146: Account Asset, T0154.002: AI Media Platform). |
-| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | IT00000387 “I seriously don't understand why I have to constantly put up with these dumbasses here every day.”
So began what appeared to be a long tirade from the principal of Pikesville High School, punctuated with racist, antisemitic and offensive tropes. It sounded like it had been secretly recorded.
The speaker went on to bemoan “ungrateful black kids” and Jewish people in the community.
The clip, first posted in [January 2024], went viral nationally. But it really struck a nerve in the peaceful, leafy suburb of Pikesville, which has large black and Jewish populations, and in the nearby city of Baltimore, Maryland. Principal Eric Eiswert was put on paid administrative leave pending an investigation.
[...]
But what those sharing the clip didn’t realise at the time was that another bombshell was about to drop: the clip was an AI-generated fake.
[...]
[In April 2024], Baltimore Police Chief Robert McCullough confirmed they now had “conclusive evidence that the recording was not authentic”.
And they believed they knew who made the fake.
Police charged 31-year-old Dazhon Darien, the school’s athletics director, with several counts related to the fake video. Charges included theft, retaliating against a witness and stalking.
He was arrested at the airport, where police say he was planning to fly to Houston, Texas.
Police say that Mr Darien had been under investigation by Principal Eiswert over an alleged theft of $1,916 (£1,460) from the school. They also allege there had been “work performance challenges” and his contract was likely not to be renewed.
Their theory was that by creating the deepfake recording, he hoped to discredit the principal before he could be fired.
Investigators say they traced an email used to send the original video to a server connected to Mr Darien, and allege that he used Baltimore County Public Schools' computer network to access AI tools. He is due to stand trial in December 2024.
By associating Mr Darien to the server used to email the original AI generated audio, investigators link Darien to the fabricated content (T0149.005: Server Asset, T0088.001: AI Generated Audio (Deepfakes)). They also assert that Darien used computers owned by the school to access platforms used to generate the audio (T0146: Account Asset, T0154.002: AI Media Platform). |
-| [T0149.005 Server Asset](../../generated_pages/techniques/T0149.005.md) | IT00000384 “I seriously don't understand why I have to constantly put up with these dumbasses here every day.”
So began what appeared to be a long tirade from the principal of Pikesville High School, punctuated with racist, antisemitic and offensive tropes. It sounded like it had been secretly recorded.
The speaker went on to bemoan “ungrateful black kids” and Jewish people in the community.
The clip, first posted in [January 2024], went viral nationally. But it really struck a nerve in the peaceful, leafy suburb of Pikesville, which has large black and Jewish populations, and in the nearby city of Baltimore, Maryland. Principal Eric Eiswert was put on paid administrative leave pending an investigation.
[...]
But what those sharing the clip didn’t realise at the time was that another bombshell was about to drop: the clip was an AI-generated fake.
[...]
[In April 2024], Baltimore Police Chief Robert McCullough confirmed they now had “conclusive evidence that the recording was not authentic”.
And they believed they knew who made the fake.
Police charged 31-year-old Dazhon Darien, the school’s athletics director, with several counts related to the fake video. Charges included theft, retaliating against a witness and stalking.
He was arrested at the airport, where police say he was planning to fly to Houston, Texas.
Police say that Mr Darien had been under investigation by Principal Eiswert over an alleged theft of $1,916 (£1,460) from the school. They also allege there had been “work performance challenges” and his contract was likely not to be renewed.
Their theory was that by creating the deepfake recording, he hoped to discredit the principal before he could be fired.
Investigators say they traced an email used to send the original video to a server connected to Mr Darien, and allege that he used Baltimore County Public Schools' computer network to access AI tools. He is due to stand trial in December 2024.
By associating Mr Darien to the server used to email the original AI generated audio, investigators link Darien to the fabricated content (T0149.005: Server Asset, T0088.001: AI Generated Audio (Deepfakes)). They also assert that Darien used computers owned by the school to access platforms used to generate the audio (T0146: Account Asset, T0154.002: AI Media Platform). |
-| [T0154.002 AI Media Platform](../../generated_pages/techniques/T0154.002.md) | IT00000386 “I seriously don't understand why I have to constantly put up with these dumbasses here every day.”
So began what appeared to be a long tirade from the principal of Pikesville High School, punctuated with racist, antisemitic and offensive tropes. It sounded like it had been secretly recorded.
The speaker went on to bemoan “ungrateful black kids” and Jewish people in the community.
The clip, first posted in [January 2024], went viral nationally. But it really struck a nerve in the peaceful, leafy suburb of Pikesville, which has large black and Jewish populations, and in the nearby city of Baltimore, Maryland. Principal Eric Eiswert was put on paid administrative leave pending an investigation.
[...]
But what those sharing the clip didn’t realise at the time was that another bombshell was about to drop: the clip was an AI-generated fake.
[...]
[In April 2024], Baltimore Police Chief Robert McCullough confirmed they now had “conclusive evidence that the recording was not authentic”.
And they believed they knew who made the fake.
Police charged 31-year-old Dazhon Darien, the school’s athletics director, with several counts related to the fake video. Charges included theft, retaliating against a witness and stalking.
He was arrested at the airport, where police say he was planning to fly to Houston, Texas.
Police say that Mr Darien had been under investigation by Principal Eiswert over an alleged theft of $1,916 (£1,460) from the school. They also allege there had been “work performance challenges” and his contract was likely not to be renewed.
Their theory was that by creating the deepfake recording, he hoped to discredit the principal before he could be fired.
Investigators say they traced an email used to send the original video to a server connected to Mr Darien, and allege that he used Baltimore County Public Schools' computer network to access AI tools. He is due to stand trial in December 2024.
By associating Mr Darien to the server used to email the original AI generated audio, investigators link Darien to the fabricated content (T0149.005: Server Asset, T0088.001: AI Generated Audio (Deepfakes)). They also assert that Darien used computers owned by the school to access platforms used to generate the audio (T0146: Account Asset, T0154.002: AI Media Platform). |
+| [T0088.001 Develop AI-Generated Audio (Deepfakes)](../../generated_pages/techniques/T0088.001.md) | “I seriously don't understand why I have to constantly put up with these dumbasses here every day.”
So began what appeared to be a long tirade from the principal of Pikesville High School, punctuated with racist, antisemitic and offensive tropes. It sounded like it had been secretly recorded.
The speaker went on to bemoan “ungrateful black kids” and Jewish people in the community.
The clip, first posted in [January 2024], went viral nationally. But it really struck a nerve in the peaceful, leafy suburb of Pikesville, which has large black and Jewish populations, and in the nearby city of Baltimore, Maryland. Principal Eric Eiswert was put on paid administrative leave pending an investigation.
[...]
But what those sharing the clip didn’t realise at the time was that another bombshell was about to drop: the clip was an AI-generated fake.
[...]
[In April 2024], Baltimore Police Chief Robert McCullough confirmed they now had “conclusive evidence that the recording was not authentic”.
And they believed they knew who made the fake.
Police charged 31-year-old Dazhon Darien, the school’s athletics director, with several counts related to the fake video. Charges included theft, retaliating against a witness and stalking.
He was arrested at the airport, where police say he was planning to fly to Houston, Texas.
Police say that Mr Darien had been under investigation by Principal Eiswert over an alleged theft of $1,916 (£1,460) from the school. They also allege there had been “work performance challenges” and his contract was likely not to be renewed.
Their theory was that by creating the deepfake recording, he hoped to discredit the principal before he could be fired.
Investigators say they traced an email used to send the original video to a server connected to Mr Darien, and allege that he used Baltimore County Public Schools' computer network to access AI tools. He is due to stand trial in December 2024.
By associating Mr Darien to the server used to email the original AI generated audio, investigators link Darien to the fabricated content (T0149.005: Server Asset, T0088.001: AI Generated Audio (Deepfakes)). They also assert that Darien used computers owned by the school to access platforms used to generate the audio (T0146: Account Asset, T0154.002: AI Media Platform). |
+| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | “I seriously don't understand why I have to constantly put up with these dumbasses here every day.”
So began what appeared to be a long tirade from the principal of Pikesville High School, punctuated with racist, antisemitic and offensive tropes. It sounded like it had been secretly recorded.
The speaker went on to bemoan “ungrateful black kids” and Jewish people in the community.
The clip, first posted in [January 2024], went viral nationally. But it really struck a nerve in the peaceful, leafy suburb of Pikesville, which has large black and Jewish populations, and in the nearby city of Baltimore, Maryland. Principal Eric Eiswert was put on paid administrative leave pending an investigation.
[...]
But what those sharing the clip didn’t realise at the time was that another bombshell was about to drop: the clip was an AI-generated fake.
[...]
[In April 2024], Baltimore Police Chief Robert McCullough confirmed they now had “conclusive evidence that the recording was not authentic”.
And they believed they knew who made the fake.
Police charged 31-year-old Dazhon Darien, the school’s athletics director, with several counts related to the fake video. Charges included theft, retaliating against a witness and stalking.
He was arrested at the airport, where police say he was planning to fly to Houston, Texas.
Police say that Mr Darien had been under investigation by Principal Eiswert over an alleged theft of $1,916 (£1,460) from the school. They also allege there had been “work performance challenges” and his contract was likely not to be renewed.
Their theory was that by creating the deepfake recording, he hoped to discredit the principal before he could be fired.
Investigators say they traced an email used to send the original video to a server connected to Mr Darien, and allege that he used Baltimore County Public Schools' computer network to access AI tools. He is due to stand trial in December 2024.
By associating Mr Darien to the server used to email the original AI generated audio, investigators link Darien to the fabricated content (T0149.005: Server Asset, T0088.001: AI Generated Audio (Deepfakes)). They also assert that Darien used computers owned by the school to access platforms used to generate the audio (T0146: Account Asset, T0154.002: AI Media Platform). |
+| [T0149.005 Server Asset](../../generated_pages/techniques/T0149.005.md) | “I seriously don't understand why I have to constantly put up with these dumbasses here every day.”
So began what appeared to be a long tirade from the principal of Pikesville High School, punctuated with racist, antisemitic and offensive tropes. It sounded like it had been secretly recorded.
The speaker went on to bemoan “ungrateful black kids” and Jewish people in the community.
The clip, first posted in [January 2024], went viral nationally. But it really struck a nerve in the peaceful, leafy suburb of Pikesville, which has large black and Jewish populations, and in the nearby city of Baltimore, Maryland. Principal Eric Eiswert was put on paid administrative leave pending an investigation.
[...]
But what those sharing the clip didn’t realise at the time was that another bombshell was about to drop: the clip was an AI-generated fake.
[...]
[In April 2024], Baltimore Police Chief Robert McCullough confirmed they now had “conclusive evidence that the recording was not authentic”.
And they believed they knew who made the fake.
Police charged 31-year-old Dazhon Darien, the school’s athletics director, with several counts related to the fake video. Charges included theft, retaliating against a witness and stalking.
He was arrested at the airport, where police say he was planning to fly to Houston, Texas.
Police say that Mr Darien had been under investigation by Principal Eiswert over an alleged theft of $1,916 (£1,460) from the school. They also allege there had been “work performance challenges” and his contract was likely not to be renewed.
Their theory was that by creating the deepfake recording, he hoped to discredit the principal before he could be fired.
Investigators say they traced an email used to send the original video to a server connected to Mr Darien, and allege that he used Baltimore County Public Schools' computer network to access AI tools. He is due to stand trial in December 2024.
By associating Mr Darien to the server used to email the original AI generated audio, investigators link Darien to the fabricated content (T0149.005: Server Asset, T0088.001: AI Generated Audio (Deepfakes)). They also assert that Darien used computers owned by the school to access platforms used to generate the audio (T0146: Account Asset, T0154.002: AI Media Platform). |
+| [T0154.002 AI Media Platform](../../generated_pages/techniques/T0154.002.md) | “I seriously don't understand why I have to constantly put up with these dumbasses here every day.”
So began what appeared to be a long tirade from the principal of Pikesville High School, punctuated with racist, antisemitic and offensive tropes. It sounded like it had been secretly recorded.
The speaker went on to bemoan “ungrateful black kids” and Jewish people in the community.
The clip, first posted in [January 2024], went viral nationally. But it really struck a nerve in the peaceful, leafy suburb of Pikesville, which has large black and Jewish populations, and in the nearby city of Baltimore, Maryland. Principal Eric Eiswert was put on paid administrative leave pending an investigation.
[...]
But what those sharing the clip didn’t realise at the time was that another bombshell was about to drop: the clip was an AI-generated fake.
[...]
[In April 2024], Baltimore Police Chief Robert McCullough confirmed they now had “conclusive evidence that the recording was not authentic”.
And they believed they knew who made the fake.
Police charged 31-year-old Dazhon Darien, the school’s athletics director, with several counts related to the fake video. Charges included theft, retaliating against a witness and stalking.
He was arrested at the airport, where police say he was planning to fly to Houston, Texas.
Police say that Mr Darien had been under investigation by Principal Eiswert over an alleged theft of $1,916 (£1,460) from the school. They also allege there had been “work performance challenges” and his contract was likely not to be renewed.
Their theory was that by creating the deepfake recording, he hoped to discredit the principal before he could be fired.
Investigators say they traced an email used to send the original video to a server connected to Mr Darien, and allege that he used Baltimore County Public Schools' computer network to access AI tools. He is due to stand trial in December 2024.
By associating Mr Darien to the server used to email the original AI generated audio, investigators link Darien to the fabricated content (T0149.005: Server Asset, T0088.001: AI Generated Audio (Deepfakes)). They also assert that Darien used computers owned by the school to access platforms used to generate the audio (T0146: Account Asset, T0154.002: AI Media Platform). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00104.md b/generated_pages/incidents/I00104.md
index e35c139..b0edba4 100644
--- a/generated_pages/incidents/I00104.md
+++ b/generated_pages/incidents/I00104.md
@@ -21,11 +21,11 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0115 Post Content](../../generated_pages/techniques/T0115.md) | IT00000391 A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
-| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | IT00000392 A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
-| [T0146.007 Automated Account Asset](../../generated_pages/techniques/T0146.007.md) | IT00000389 A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
-| [T0151.012 Image Board Platform](../../generated_pages/techniques/T0151.012.md) | IT00000388 A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
-| [T0152.005 Paste Platform](../../generated_pages/techniques/T0152.005.md) | IT00000390 A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
+| [T0115 Post Content](../../generated_pages/techniques/T0115.md) | A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
+| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
+| [T0146.007 Automated Account Asset](../../generated_pages/techniques/T0146.007.md) | A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
+| [T0151.012 Image Board Platform](../../generated_pages/techniques/T0151.012.md) | A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
+| [T0152.005 Paste Platform](../../generated_pages/techniques/T0152.005.md) | A massive trove of documents purporting to contain thousands of emails and other files from the [2017 presidential] campaign of Emmanuel Macron—the French centrist candidate squaring off against right-wing nationalist Marine Le Pen—was posted on the internet Friday afternoon. The Macron campaign says that at least some of the documents are fake. The document dump came just over a day before voting is set to begin in the final round of the election and mere hours before candidates are legally required to stop campaigning.
At about 2:35 p.m. ET, a post appeared on the 4chan online message board announcing the leak. The documents appear to include emails, internal memos, and screenshots of purported banking records.
“In this pastebin are links to torrents of emails between Macron, his team and other officials, politicians as well as original documents and photos,” the anonymous 4chan poster wrote. “This was passed on to me today so now I am giving it to you, the people. The leak is massvie and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here.”
The Macron campaign issued a statement Friday night saying it was the victim of a “massive and coordinated” hacking attack. That campaign said the leak included some fake documents that were intended “to sow doubt and misinformation.”
Actors posted a to 4chan a link (T0151.012: Image Board Platform, T0146.006: Open Access Platform, T0115: Post Content, T0122: Direct Users to Alternative Platforms) to text content hosted on pastebin (T0152.005: Paste Platform, T0146.006: Open Access Platform, T0115: Post Content), which contained links to download stolen and fabricated documents. |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00105.md b/generated_pages/incidents/I00105.md
index db6bb1d..ba8b8b4 100644
--- a/generated_pages/incidents/I00105.md
+++ b/generated_pages/incidents/I00105.md
@@ -21,13 +21,13 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0147.001 Game Asset](../../generated_pages/techniques/T0147.001.md) | IT00000397 In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Indie DB [is a platform that serves] to present indie games, which are titles from independent, small developer teams, which can be discussed and downloaded [Indie DB].
[...]
[On Indie DB we] found antisemitic, Islamist, sexist and other discriminatory content during the exploration. Both games and comments were located that made positive references to National Socialism. Radicalised users seem to use the opportunities to network, create groups, and communicate in forums. In addition, a number of member profiles with graphic propaganda content could be located. We found several games with propagandistic content advertised on the platform, which caused apparently radicalised users to form a fan community around those games. For example, there are titles such as the antisemitic Fursan Al-Aqsa: The Knights of the Al-Aqsa Mosque, which has won the Best Hardcore Game award at the Game Connection America 2024 Game Development Awards and which has received antisemitic praise on its review page. In the game, players need to target members of the Israeli Defence Forces, and attacks by Palestinian terrorist groups such as Hamas or Lions’ Den can be re-enacted. These include bomb attacks, beheadings and the re-enactment of the terrorist attack in Israel on 7 October 2023. We, therefore, deem Indie DB to be relevant for further analyses of extremist activities in digital gaming spaces.
Indie DB is an online software delivery platform on which users can create groups, and participate in discussion forums (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0151.009: Legacy Online Forum Platform). The platform hosted games which allowed players to reenact terrorist attacks (T0147.001: Game Asset). |
-| [T0147.002 Game Mod Asset](../../generated_pages/techniques/T0147.002.md) | IT00000398 In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Gamebanana and Mod DB are so-called modding platforms that allow users to post their modifications of existing (popular) games. In the process of modding, highly radicalised content can be inserted into games that did not originally contain it. All of these platforms also have communication functions and customisable profiles.
[...]
During the explorations, several modifications with hateful themes were located, including right-wing extremist, racist, antisemitic and Islamist content. This includes mods that make it possible to play as terrorists or National Socialists. So-called “skins” (textures that change the appearance of models in the game) for characters from first-person shooters are particularly popular and contain references to National Socialism or Islamist terrorist organisations. Although some of this content could be justified with reference to historical accuracy and realism, the user profiles of the creators and commentators often reveal political motivations. Names with neo-Nazi codes or the use of avatars showing members of the Wehrmacht or the Waffen SS, for example, indicate a certain degree of positive appreciation or fascination with right-wing ideology, as do affirmations in the comment columns.
Mod DB in particular has attracted public attention in the past. For example, a mod for the game Half-Life 2 made it possible to play a school shooting with the weapons used during the attacks at Columbine High School (1999) and Virginia Polytechnic Institute and State University (2007). Antisemitic memes and jokes are shared in several groups on the platform. It seems as if users partially connect with each other because of shared political views. There were also indications that Islamist and right-wing extremist users network on the basis of shared views on women, Jews or homosexuals. In addition to relevant usernames and avatars, we found profiles featuring picture galleries, backgrounds and banners dedicated to the SS. Extremist propaganda and radicalisation processes on modding platforms have not been explored yet, but our exploration suggests these digital spaces to be highly relevant for our field.
Mod DB is a platform which allows users to upload mods for games, which other users can download (T0152.009: Software Delivery Platform, T0147.002: Game Mod Asset). |
-| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | IT00000395 In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Indie DB [is a platform that serves] to present indie games, which are titles from independent, small developer teams, which can be discussed and downloaded [Indie DB].
[...]
[On Indie DB we] found antisemitic, Islamist, sexist and other discriminatory content during the exploration. Both games and comments were located that made positive references to National Socialism. Radicalised users seem to use the opportunities to network, create groups, and communicate in forums. In addition, a number of member profiles with graphic propaganda content could be located. We found several games with propagandistic content advertised on the platform, which caused apparently radicalised users to form a fan community around those games. For example, there are titles such as the antisemitic Fursan Al-Aqsa: The Knights of the Al-Aqsa Mosque, which has won the Best Hardcore Game award at the Game Connection America 2024 Game Development Awards and which has received antisemitic praise on its review page. In the game, players need to target members of the Israeli Defence Forces, and attacks by Palestinian terrorist groups such as Hamas or Lions’ Den can be re-enacted. These include bomb attacks, beheadings and the re-enactment of the terrorist attack in Israel on 7 October 2023. We, therefore, deem Indie DB to be relevant for further analyses of extremist activities in digital gaming spaces.
Indie DB is an online software delivery platform on which users can create groups, and participate in discussion forums (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0151.009: Legacy Online Forum Platform). The platform hosted games which allowed players to reenact terrorist attacks (T0147.001: Game Asset). |
-| [T0151.009 Legacy Online Forum Platform](../../generated_pages/techniques/T0151.009.md) | IT00000394 In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Gamer Uprising Forums (GUF) [is an online discussion platform using the classic forum structure] aimed directly at gamers. It is run by US Neo-Nazi Andrew Anglin and explicitly targets politically right-wing gamers. This forum mainly includes antisemitic, sexist, and racist topics, but also posts on related issues such as esotericism, conspiracy narratives, pro-Russian propaganda, alternative medicine, Christian religion, content related to the incel- and manosphere, lists of criminal offences committed by non-white people, links to right-wing news sites, homophobia and trans-hostility, troll guides, anti-leftism, ableism and much more. Most noticeable were the high number of antisemitic references. For example, there is a thread with hundreds of machine-generated images, most of which feature openly antisemitic content and popular antisemitic references. Many users chose explicitly antisemitic avatars. Some of the usernames also provide clues to the users’ ideologies and profiles feature swastikas as a type of progress bar and indicator of the user’s activity in the forum.
The GUF’s front page contains an overview of the forum, user statistics, and so-called “announcements”. In addition to advice-like references, these feature various expressions of hateful ideologies. At the time of the exploration, the following could be read there: “Jews are the problem!”, “Women should be raped”, “The Jews are going to be required to return stolen property”, “Immigrants will have to be physically removed”, “Console gaming is for n******” and “Anger is a womanly emotion”. New users have to prove themselves in an area for newcomers referred to in imageboard slang as the “Newfag Barn”. Only when the newcomers’ posts have received a substantial number of likes from established users, are they allowed to post in other parts of the forum. It can be assumed that this will also lead to competitions to outdo each other in posting extreme content. However, it is always possible to view all posts and content on the site. In any case, it can be assumed that the platform hardly addresses milieus that are not already radicalised or at risk of radicalisation and is therefore deemed relevant for radicalisation research. However, the number of registered users is low (typical for radicalised milieus) and, hence, the platform may only be of interest when studying a small group of highly radicalised individuals.
Gamer Uprising Forum is a legacy online forum, with access gated behind approval of existing platform users (T0155.003: Approval Gated Asset, T0151.009: Legacy Online Forum Platform). |
-| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | IT00000396 In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Indie DB [is a platform that serves] to present indie games, which are titles from independent, small developer teams, which can be discussed and downloaded [Indie DB].
[...]
[On Indie DB we] found antisemitic, Islamist, sexist and other discriminatory content during the exploration. Both games and comments were located that made positive references to National Socialism. Radicalised users seem to use the opportunities to network, create groups, and communicate in forums. In addition, a number of member profiles with graphic propaganda content could be located. We found several games with propagandistic content advertised on the platform, which caused apparently radicalised users to form a fan community around those games. For example, there are titles such as the antisemitic Fursan Al-Aqsa: The Knights of the Al-Aqsa Mosque, which has won the Best Hardcore Game award at the Game Connection America 2024 Game Development Awards and which has received antisemitic praise on its review page. In the game, players need to target members of the Israeli Defence Forces, and attacks by Palestinian terrorist groups such as Hamas or Lions’ Den can be re-enacted. These include bomb attacks, beheadings and the re-enactment of the terrorist attack in Israel on 7 October 2023. We, therefore, deem Indie DB to be relevant for further analyses of extremist activities in digital gaming spaces.
Indie DB is an online software delivery platform on which users can create groups, and participate in discussion forums (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0151.009: Legacy Online Forum Platform). The platform hosted games which allowed players to reenact terrorist attacks (T0147.001: Game Asset). |
-| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | IT00000399 In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Gamebanana and Mod DB are so-called modding platforms that allow users to post their modifications of existing (popular) games. In the process of modding, highly radicalised content can be inserted into games that did not originally contain it. All of these platforms also have communication functions and customisable profiles.
[...]
During the explorations, several modifications with hateful themes were located, including right-wing extremist, racist, antisemitic and Islamist content. This includes mods that make it possible to play as terrorists or National Socialists. So-called “skins” (textures that change the appearance of models in the game) for characters from first-person shooters are particularly popular and contain references to National Socialism or Islamist terrorist organisations. Although some of this content could be justified with reference to historical accuracy and realism, the user profiles of the creators and commentators often reveal political motivations. Names with neo-Nazi codes or the use of avatars showing members of the Wehrmacht or the Waffen SS, for example, indicate a certain degree of positive appreciation or fascination with right-wing ideology, as do affirmations in the comment columns.
Mod DB in particular has attracted public attention in the past. For example, a mod for the game Half-Life 2 made it possible to play a school shooting with the weapons used during the attacks at Columbine High School (1999) and Virginia Polytechnic Institute and State University (2007). Antisemitic memes and jokes are shared in several groups on the platform. It seems as if users partially connect with each other because of shared political views. There were also indications that Islamist and right-wing extremist users network on the basis of shared views on women, Jews or homosexuals. In addition to relevant usernames and avatars, we found profiles featuring picture galleries, backgrounds and banners dedicated to the SS. Extremist propaganda and radicalisation processes on modding platforms have not been explored yet, but our exploration suggests these digital spaces to be highly relevant for our field.
Mod DB is a platform which allows users to upload mods for games, which other users can download (T0152.009: Software Delivery Platform, T0147.002: Game Mod Asset). |
-| [T0155.003 Approval Gated Asset](../../generated_pages/techniques/T0155.003.md) | IT00000393 In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Gamer Uprising Forums (GUF) [is an online discussion platform using the classic forum structure] aimed directly at gamers. It is run by US Neo-Nazi Andrew Anglin and explicitly targets politically right-wing gamers. This forum mainly includes antisemitic, sexist, and racist topics, but also posts on related issues such as esotericism, conspiracy narratives, pro-Russian propaganda, alternative medicine, Christian religion, content related to the incel- and manosphere, lists of criminal offences committed by non-white people, links to right-wing news sites, homophobia and trans-hostility, troll guides, anti-leftism, ableism and much more. Most noticeable were the high number of antisemitic references. For example, there is a thread with hundreds of machine-generated images, most of which feature openly antisemitic content and popular antisemitic references. Many users chose explicitly antisemitic avatars. Some of the usernames also provide clues to the users’ ideologies and profiles feature swastikas as a type of progress bar and indicator of the user’s activity in the forum.
The GUF’s front page contains an overview of the forum, user statistics, and so-called “announcements”. In addition to advice-like references, these feature various expressions of hateful ideologies. At the time of the exploration, the following could be read there: “Jews are the problem!”, “Women should be raped”, “The Jews are going to be required to return stolen property”, “Immigrants will have to be physically removed”, “Console gaming is for n******” and “Anger is a womanly emotion”. New users have to prove themselves in an area for newcomers referred to in imageboard slang as the “Newfag Barn”. Only when the newcomers’ posts have received a substantial number of likes from established users, are they allowed to post in other parts of the forum. It can be assumed that this will also lead to competitions to outdo each other in posting extreme content. However, it is always possible to view all posts and content on the site. In any case, it can be assumed that the platform hardly addresses milieus that are not already radicalised or at risk of radicalisation and is therefore deemed relevant for radicalisation research. However, the number of registered users is low (typical for radicalised milieus) and, hence, the platform may only be of interest when studying a small group of highly radicalised individuals.
Gamer Uprising Forum is a legacy online forum, with access gated behind approval of existing platform users (T0155.003: Approval Gated Asset, T0151.009: Legacy Online Forum Platform). |
+| [T0147.001 Game Asset](../../generated_pages/techniques/T0147.001.md) | In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Indie DB [is a platform that serves] to present indie games, which are titles from independent, small developer teams, which can be discussed and downloaded [Indie DB].
[...]
[On Indie DB we] found antisemitic, Islamist, sexist and other discriminatory content during the exploration. Both games and comments were located that made positive references to National Socialism. Radicalised users seem to use the opportunities to network, create groups, and communicate in forums. In addition, a number of member profiles with graphic propaganda content could be located. We found several games with propagandistic content advertised on the platform, which caused apparently radicalised users to form a fan community around those games. For example, there are titles such as the antisemitic Fursan Al-Aqsa: The Knights of the Al-Aqsa Mosque, which has won the Best Hardcore Game award at the Game Connection America 2024 Game Development Awards and which has received antisemitic praise on its review page. In the game, players need to target members of the Israeli Defence Forces, and attacks by Palestinian terrorist groups such as Hamas or Lions’ Den can be re-enacted. These include bomb attacks, beheadings and the re-enactment of the terrorist attack in Israel on 7 October 2023. We, therefore, deem Indie DB to be relevant for further analyses of extremist activities in digital gaming spaces.
Indie DB is an online software delivery platform on which users can create groups, and participate in discussion forums (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0151.009: Legacy Online Forum Platform). The platform hosted games which allowed players to reenact terrorist attacks (T0147.001: Game Asset). |
+| [T0147.002 Game Mod Asset](../../generated_pages/techniques/T0147.002.md) | In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Gamebanana and Mod DB are so-called modding platforms that allow users to post their modifications of existing (popular) games. In the process of modding, highly radicalised content can be inserted into games that did not originally contain it. All of these platforms also have communication functions and customisable profiles.
[...]
During the explorations, several modifications with hateful themes were located, including right-wing extremist, racist, antisemitic and Islamist content. This includes mods that make it possible to play as terrorists or National Socialists. So-called “skins” (textures that change the appearance of models in the game) for characters from first-person shooters are particularly popular and contain references to National Socialism or Islamist terrorist organisations. Although some of this content could be justified with reference to historical accuracy and realism, the user profiles of the creators and commentators often reveal political motivations. Names with neo-Nazi codes or the use of avatars showing members of the Wehrmacht or the Waffen SS, for example, indicate a certain degree of positive appreciation or fascination with right-wing ideology, as do affirmations in the comment columns.
Mod DB in particular has attracted public attention in the past. For example, a mod for the game Half-Life 2 made it possible to play a school shooting with the weapons used during the attacks at Columbine High School (1999) and Virginia Polytechnic Institute and State University (2007). Antisemitic memes and jokes are shared in several groups on the platform. It seems as if users partially connect with each other because of shared political views. There were also indications that Islamist and right-wing extremist users network on the basis of shared views on women, Jews or homosexuals. In addition to relevant usernames and avatars, we found profiles featuring picture galleries, backgrounds and banners dedicated to the SS. Extremist propaganda and radicalisation processes on modding platforms have not been explored yet, but our exploration suggests these digital spaces to be highly relevant for our field.
Mod DB is a platform which allows users to upload mods for games, which other users can download (T0152.009: Software Delivery Platform, T0147.002: Game Mod Asset). |
+| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Indie DB [is a platform that serves] to present indie games, which are titles from independent, small developer teams, which can be discussed and downloaded [Indie DB].
[...]
[On Indie DB we] found antisemitic, Islamist, sexist and other discriminatory content during the exploration. Both games and comments were located that made positive references to National Socialism. Radicalised users seem to use the opportunities to network, create groups, and communicate in forums. In addition, a number of member profiles with graphic propaganda content could be located. We found several games with propagandistic content advertised on the platform, which caused apparently radicalised users to form a fan community around those games. For example, there are titles such as the antisemitic Fursan Al-Aqsa: The Knights of the Al-Aqsa Mosque, which has won the Best Hardcore Game award at the Game Connection America 2024 Game Development Awards and which has received antisemitic praise on its review page. In the game, players need to target members of the Israeli Defence Forces, and attacks by Palestinian terrorist groups such as Hamas or Lions’ Den can be re-enacted. These include bomb attacks, beheadings and the re-enactment of the terrorist attack in Israel on 7 October 2023. We, therefore, deem Indie DB to be relevant for further analyses of extremist activities in digital gaming spaces.
Indie DB is an online software delivery platform on which users can create groups, and participate in discussion forums (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0151.009: Legacy Online Forum Platform). The platform hosted games which allowed players to reenact terrorist attacks (T0147.001: Game Asset). |
+| [T0151.009 Legacy Online Forum Platform](../../generated_pages/techniques/T0151.009.md) | In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Gamer Uprising Forums (GUF) [is an online discussion platform using the classic forum structure] aimed directly at gamers. It is run by US Neo-Nazi Andrew Anglin and explicitly targets politically right-wing gamers. This forum mainly includes antisemitic, sexist, and racist topics, but also posts on related issues such as esotericism, conspiracy narratives, pro-Russian propaganda, alternative medicine, Christian religion, content related to the incel- and manosphere, lists of criminal offences committed by non-white people, links to right-wing news sites, homophobia and trans-hostility, troll guides, anti-leftism, ableism and much more. Most noticeable were the high number of antisemitic references. For example, there is a thread with hundreds of machine-generated images, most of which feature openly antisemitic content and popular antisemitic references. Many users chose explicitly antisemitic avatars. Some of the usernames also provide clues to the users’ ideologies and profiles feature swastikas as a type of progress bar and indicator of the user’s activity in the forum.
The GUF’s front page contains an overview of the forum, user statistics, and so-called “announcements”. In addition to advice-like references, these feature various expressions of hateful ideologies. At the time of the exploration, the following could be read there: “Jews are the problem!”, “Women should be raped”, “The Jews are going to be required to return stolen property”, “Immigrants will have to be physically removed”, “Console gaming is for n******” and “Anger is a womanly emotion”. New users have to prove themselves in an area for newcomers referred to in imageboard slang as the “Newfag Barn”. Only when the newcomers’ posts have received a substantial number of likes from established users, are they allowed to post in other parts of the forum. It can be assumed that this will also lead to competitions to outdo each other in posting extreme content. However, it is always possible to view all posts and content on the site. In any case, it can be assumed that the platform hardly addresses milieus that are not already radicalised or at risk of radicalisation and is therefore deemed relevant for radicalisation research. However, the number of registered users is low (typical for radicalised milieus) and, hence, the platform may only be of interest when studying a small group of highly radicalised individuals.
Gamer Uprising Forum is a legacy online forum, with access gated behind approval of existing platform users (T0155.003: Approval Gated Asset, T0151.009: Legacy Online Forum Platform). |
+| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Indie DB [is a platform that serves] to present indie games, which are titles from independent, small developer teams, which can be discussed and downloaded [Indie DB].
[...]
[On Indie DB we] found antisemitic, Islamist, sexist and other discriminatory content during the exploration. Both games and comments were located that made positive references to National Socialism. Radicalised users seem to use the opportunities to network, create groups, and communicate in forums. In addition, a number of member profiles with graphic propaganda content could be located. We found several games with propagandistic content advertised on the platform, which caused apparently radicalised users to form a fan community around those games. For example, there are titles such as the antisemitic Fursan Al-Aqsa: The Knights of the Al-Aqsa Mosque, which has won the Best Hardcore Game award at the Game Connection America 2024 Game Development Awards and which has received antisemitic praise on its review page. In the game, players need to target members of the Israeli Defence Forces, and attacks by Palestinian terrorist groups such as Hamas or Lions’ Den can be re-enacted. These include bomb attacks, beheadings and the re-enactment of the terrorist attack in Israel on 7 October 2023. We, therefore, deem Indie DB to be relevant for further analyses of extremist activities in digital gaming spaces.
Indie DB is an online software delivery platform on which users can create groups, and participate in discussion forums (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0151.009: Legacy Online Forum Platform). The platform hosted games which allowed players to reenact terrorist attacks (T0147.001: Game Asset). |
+| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Gamebanana and Mod DB are so-called modding platforms that allow users to post their modifications of existing (popular) games. In the process of modding, highly radicalised content can be inserted into games that did not originally contain it. All of these platforms also have communication functions and customisable profiles.
[...]
During the explorations, several modifications with hateful themes were located, including right-wing extremist, racist, antisemitic and Islamist content. This includes mods that make it possible to play as terrorists or National Socialists. So-called “skins” (textures that change the appearance of models in the game) for characters from first-person shooters are particularly popular and contain references to National Socialism or Islamist terrorist organisations. Although some of this content could be justified with reference to historical accuracy and realism, the user profiles of the creators and commentators often reveal political motivations. Names with neo-Nazi codes or the use of avatars showing members of the Wehrmacht or the Waffen SS, for example, indicate a certain degree of positive appreciation or fascination with right-wing ideology, as do affirmations in the comment columns.
Mod DB in particular has attracted public attention in the past. For example, a mod for the game Half-Life 2 made it possible to play a school shooting with the weapons used during the attacks at Columbine High School (1999) and Virginia Polytechnic Institute and State University (2007). Antisemitic memes and jokes are shared in several groups on the platform. It seems as if users partially connect with each other because of shared political views. There were also indications that Islamist and right-wing extremist users network on the basis of shared views on women, Jews or homosexuals. In addition to relevant usernames and avatars, we found profiles featuring picture galleries, backgrounds and banners dedicated to the SS. Extremist propaganda and radicalisation processes on modding platforms have not been explored yet, but our exploration suggests these digital spaces to be highly relevant for our field.
Mod DB is a platform which allows users to upload mods for games, which other users can download (T0152.009: Software Delivery Platform, T0147.002: Game Mod Asset). |
+| [T0155.003 Approval Gated Asset](../../generated_pages/techniques/T0155.003.md) | In this report, researchers look at online platforms commonly used by people who play videogames, looking at how these platforms can contribute to radicalisation of gamers:
Gamer Uprising Forums (GUF) [is an online discussion platform using the classic forum structure] aimed directly at gamers. It is run by US Neo-Nazi Andrew Anglin and explicitly targets politically right-wing gamers. This forum mainly includes antisemitic, sexist, and racist topics, but also posts on related issues such as esotericism, conspiracy narratives, pro-Russian propaganda, alternative medicine, Christian religion, content related to the incel- and manosphere, lists of criminal offences committed by non-white people, links to right-wing news sites, homophobia and trans-hostility, troll guides, anti-leftism, ableism and much more. Most noticeable were the high number of antisemitic references. For example, there is a thread with hundreds of machine-generated images, most of which feature openly antisemitic content and popular antisemitic references. Many users chose explicitly antisemitic avatars. Some of the usernames also provide clues to the users’ ideologies and profiles feature swastikas as a type of progress bar and indicator of the user’s activity in the forum.
The GUF’s front page contains an overview of the forum, user statistics, and so-called “announcements”. In addition to advice-like references, these feature various expressions of hateful ideologies. At the time of the exploration, the following could be read there: “Jews are the problem!”, “Women should be raped”, “The Jews are going to be required to return stolen property”, “Immigrants will have to be physically removed”, “Console gaming is for n******” and “Anger is a womanly emotion”. New users have to prove themselves in an area for newcomers referred to in imageboard slang as the “Newfag Barn”. Only when the newcomers’ posts have received a substantial number of likes from established users, are they allowed to post in other parts of the forum. It can be assumed that this will also lead to competitions to outdo each other in posting extreme content. However, it is always possible to view all posts and content on the site. In any case, it can be assumed that the platform hardly addresses milieus that are not already radicalised or at risk of radicalisation and is therefore deemed relevant for radicalisation research. However, the number of registered users is low (typical for radicalised milieus) and, hence, the platform may only be of interest when studying a small group of highly radicalised individuals.
Gamer Uprising Forum is a legacy online forum, with access gated behind approval of existing platform users (T0155.003: Approval Gated Asset, T0151.009: Legacy Online Forum Platform). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00106.md b/generated_pages/incidents/I00106.md
index 22390a9..ba5830a 100644
--- a/generated_pages/incidents/I00106.md
+++ b/generated_pages/incidents/I00106.md
@@ -21,12 +21,12 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0068 Respond to Breaking News Event or Active Crisis](../../generated_pages/techniques/T0068.md) | IT00000403 As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
-| [T0086.002 Develop AI-Generated Images (Deepfakes)](../../generated_pages/techniques/T0086.002.md) | IT00000402 As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
-| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | IT00000404 As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
-| [T0148.007 eCommerce Platform](../../generated_pages/techniques/T0148.007.md) | IT00000405 As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
-| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | IT00000400 As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
-| [T0151.003 Online Community Page](../../generated_pages/techniques/T0151.003.md) | IT00000401 As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
+| [T0068 Respond to Breaking News Event or Active Crisis](../../generated_pages/techniques/T0068.md) | As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
+| [T0086.002 Develop AI-Generated Images (Deepfakes)](../../generated_pages/techniques/T0086.002.md) | As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
+| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
+| [T0148.007 eCommerce Platform](../../generated_pages/techniques/T0148.007.md) | As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
+| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
+| [T0151.003 Online Community Page](../../generated_pages/techniques/T0151.003.md) | As families desperately seek to find missing loved ones and communities grapple with immeasurable losses of both life and property in the wake of [2024’s] Hurricane Helene, AI slop scammers appear to be capitalizing on the moment for personal gain.
A Facebook account called "Coastal Views" usually shares calmer AI imagery of nature-filled beachside scenes. The account's banner image showcases a signpost reading "OBX Live," OBX being shorthand for North Carolina's Outer Banks islands.
But starting this weekend, the account shifted its approach dramatically, as first flagged by a social media user on X.
Instead of posting "photos" of leaping dolphins and sandy beaches, the account suddenly started publishing images of flooded mountain neighborhoods, submerged houses, and dogs sitting on top of roofs.
But instead of spreading vital information to those affected by the natural disaster, or at the very least sharing real photos of the destruction, the account is seemingly trying to use AI to cash in on all the attention the hurricane has been getting.
The account links to an Etsy page for a business called" OuterBanks2023," where somebody who goes by "Alexandr" sells AI-generated prints of horses touching snouts with sea turtles, Santa running down the shoreline with a reindeer, and sunsets over ocean waves.
A Facebook page which presented itself as being associated with North Carolina which posted AI generated images changed to posting AI generated images of hurricane damage after Hurricane Helene hit North Carolina (T0151.003: Online Community Page, T0151.001: Social Media Platform, T0115: Post Content, T0086.002: Develop AI-Generated Images (Deepfakes), T0068: Respond to Breaking News Event or Active Crisis).
The account included links (T0122: Direct Users to Alternative Platforms) to an account on Etsy, which sold prints of AI generated images (T0146: Account Asset, T0148.007: eCommerce Platform). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00107.md b/generated_pages/incidents/I00107.md
index ce9f99e..d008c9d 100644
--- a/generated_pages/incidents/I00107.md
+++ b/generated_pages/incidents/I00107.md
@@ -21,10 +21,10 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | IT00000409 The Moscow firm Social Design Agency (SDA) has been attributed as being behind a Russian disinformation project known as Doppelganger:
The SDA’s deception work first surfaced in 2022, likely almost immediately after Doppelganger got off the ground. In April of that year, Meta, the parent company of Facebook and Instagram, disclosed in a quarterly report that it had removed from its platforms “a network of about 200 accounts operated from Russia.” By August 2022, German investigative journalists revealed that they had discovered forgeries of about 30 news sites, including many of the country’s biggest media outlets—Frankfurter Allgemeine, Der Spiegel, and Bild—but also Britain’s Daily Mail and France’s 20 Minutes. The sites had deceptive URLs such as www-dailymail-co-uk.dailymail.top.
As part of the SDA’s work, they created many websites which impersonated existing media outlets. Sites used domain impersonation tactics to increase perceived legitimacy of their impersonations (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.003: Website Hosting Platform, T0149.003: Lookalike Domain). |
-| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | IT00000408 The Moscow firm Social Design Agency (SDA) has been attributed as being behind a Russian disinformation project known as Doppelganger:
The SDA’s deception work first surfaced in 2022, likely almost immediately after Doppelganger got off the ground. In April of that year, Meta, the parent company of Facebook and Instagram, disclosed in a quarterly report that it had removed from its platforms “a network of about 200 accounts operated from Russia.” By August 2022, German investigative journalists revealed that they had discovered forgeries of about 30 news sites, including many of the country’s biggest media outlets—Frankfurter Allgemeine, Der Spiegel, and Bild—but also Britain’s Daily Mail and France’s 20 Minutes. The sites had deceptive URLs such as www-dailymail-co-uk.dailymail.top.
As part of the SDA’s work, they created many websites which impersonated existing media outlets. Sites used domain impersonation tactics to increase perceived legitimacy of their impersonations (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.003: Website Hosting Platform, T0149.003: Lookalike Domain). |
-| [T0149.003 Lookalike Domain](../../generated_pages/techniques/T0149.003.md) | IT00000407 The Moscow firm Social Design Agency (SDA) has been attributed as being behind a Russian disinformation project known as Doppelganger:
The SDA’s deception work first surfaced in 2022, likely almost immediately after Doppelganger got off the ground. In April of that year, Meta, the parent company of Facebook and Instagram, disclosed in a quarterly report that it had removed from its platforms “a network of about 200 accounts operated from Russia.” By August 2022, German investigative journalists revealed that they had discovered forgeries of about 30 news sites, including many of the country’s biggest media outlets—Frankfurter Allgemeine, Der Spiegel, and Bild—but also Britain’s Daily Mail and France’s 20 Minutes. The sites had deceptive URLs such as www-dailymail-co-uk.dailymail.top.
As part of the SDA’s work, they created many websites which impersonated existing media outlets. Sites used domain impersonation tactics to increase perceived legitimacy of their impersonations (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.003: Website Hosting Platform, T0149.003: Lookalike Domain). |
-| [T0152.003 Website Hosting Platform](../../generated_pages/techniques/T0152.003.md) | IT00000406 The Moscow firm Social Design Agency (SDA) has been attributed as being behind a Russian disinformation project known as Doppelganger:
The SDA’s deception work first surfaced in 2022, likely almost immediately after Doppelganger got off the ground. In April of that year, Meta, the parent company of Facebook and Instagram, disclosed in a quarterly report that it had removed from its platforms “a network of about 200 accounts operated from Russia.” By August 2022, German investigative journalists revealed that they had discovered forgeries of about 30 news sites, including many of the country’s biggest media outlets—Frankfurter Allgemeine, Der Spiegel, and Bild—but also Britain’s Daily Mail and France’s 20 Minutes. The sites had deceptive URLs such as www-dailymail-co-uk.dailymail.top.
As part of the SDA’s work, they created many websites which impersonated existing media outlets. Sites used domain impersonation tactics to increase perceived legitimacy of their impersonations (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.003: Website Hosting Platform, T0149.003: Lookalike Domain). |
+| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | The Moscow firm Social Design Agency (SDA) has been attributed as being behind a Russian disinformation project known as Doppelganger:
The SDA’s deception work first surfaced in 2022, likely almost immediately after Doppelganger got off the ground. In April of that year, Meta, the parent company of Facebook and Instagram, disclosed in a quarterly report that it had removed from its platforms “a network of about 200 accounts operated from Russia.” By August 2022, German investigative journalists revealed that they had discovered forgeries of about 30 news sites, including many of the country’s biggest media outlets—Frankfurter Allgemeine, Der Spiegel, and Bild—but also Britain’s Daily Mail and France’s 20 Minutes. The sites had deceptive URLs such as www-dailymail-co-uk.dailymail.top.
As part of the SDA’s work, they created many websites which impersonated existing media outlets. Sites used domain impersonation tactics to increase perceived legitimacy of their impersonations (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.003: Website Hosting Platform, T0149.003: Lookalike Domain). |
+| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | The Moscow firm Social Design Agency (SDA) has been attributed as being behind a Russian disinformation project known as Doppelganger:
The SDA’s deception work first surfaced in 2022, likely almost immediately after Doppelganger got off the ground. In April of that year, Meta, the parent company of Facebook and Instagram, disclosed in a quarterly report that it had removed from its platforms “a network of about 200 accounts operated from Russia.” By August 2022, German investigative journalists revealed that they had discovered forgeries of about 30 news sites, including many of the country’s biggest media outlets—Frankfurter Allgemeine, Der Spiegel, and Bild—but also Britain’s Daily Mail and France’s 20 Minutes. The sites had deceptive URLs such as www-dailymail-co-uk.dailymail.top.
As part of the SDA’s work, they created many websites which impersonated existing media outlets. Sites used domain impersonation tactics to increase perceived legitimacy of their impersonations (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.003: Website Hosting Platform, T0149.003: Lookalike Domain). |
+| [T0149.003 Lookalike Domain](../../generated_pages/techniques/T0149.003.md) | The Moscow firm Social Design Agency (SDA) has been attributed as being behind a Russian disinformation project known as Doppelganger:
The SDA’s deception work first surfaced in 2022, likely almost immediately after Doppelganger got off the ground. In April of that year, Meta, the parent company of Facebook and Instagram, disclosed in a quarterly report that it had removed from its platforms “a network of about 200 accounts operated from Russia.” By August 2022, German investigative journalists revealed that they had discovered forgeries of about 30 news sites, including many of the country’s biggest media outlets—Frankfurter Allgemeine, Der Spiegel, and Bild—but also Britain’s Daily Mail and France’s 20 Minutes. The sites had deceptive URLs such as www-dailymail-co-uk.dailymail.top.
As part of the SDA’s work, they created many websites which impersonated existing media outlets. Sites used domain impersonation tactics to increase perceived legitimacy of their impersonations (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.003: Website Hosting Platform, T0149.003: Lookalike Domain). |
+| [T0152.003 Website Hosting Platform](../../generated_pages/techniques/T0152.003.md) | The Moscow firm Social Design Agency (SDA) has been attributed as being behind a Russian disinformation project known as Doppelganger:
The SDA’s deception work first surfaced in 2022, likely almost immediately after Doppelganger got off the ground. In April of that year, Meta, the parent company of Facebook and Instagram, disclosed in a quarterly report that it had removed from its platforms “a network of about 200 accounts operated from Russia.” By August 2022, German investigative journalists revealed that they had discovered forgeries of about 30 news sites, including many of the country’s biggest media outlets—Frankfurter Allgemeine, Der Spiegel, and Bild—but also Britain’s Daily Mail and France’s 20 Minutes. The sites had deceptive URLs such as www-dailymail-co-uk.dailymail.top.
As part of the SDA’s work, they created many websites which impersonated existing media outlets. Sites used domain impersonation tactics to increase perceived legitimacy of their impersonations (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.003: Website Hosting Platform, T0149.003: Lookalike Domain). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00108.md b/generated_pages/incidents/I00108.md
index 90a5a97..e29de39 100644
--- a/generated_pages/incidents/I00108.md
+++ b/generated_pages/incidents/I00108.md
@@ -21,14 +21,14 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0092 Build Network](../../generated_pages/techniques/T0092.md) | IT00000410 This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
-| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | IT00000415 This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
-| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | IT00000411 This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
-| [T0151.003 Online Community Page](../../generated_pages/techniques/T0151.003.md) | IT00000413 This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
-| [T0152.003 Website Hosting Platform](../../generated_pages/techniques/T0152.003.md) | IT00000416 This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
-| [T0152.004 Website Asset](../../generated_pages/techniques/T0152.004.md) | IT00000417 This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
-| [T0153.005 Online Advertising Platform](../../generated_pages/techniques/T0153.005.md) | IT00000418 This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
-| [T0153.006 Content Recommendation Algorithm](../../generated_pages/techniques/T0153.006.md) | IT00000412 This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
+| [T0092 Build Network](../../generated_pages/techniques/T0092.md) | This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
+| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
+| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
+| [T0151.003 Online Community Page](../../generated_pages/techniques/T0151.003.md) | This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
+| [T0152.003 Website Hosting Platform](../../generated_pages/techniques/T0152.003.md) | This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
+| [T0152.004 Website Asset](../../generated_pages/techniques/T0152.004.md) | This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
+| [T0153.005 Online Advertising Platform](../../generated_pages/techniques/T0153.005.md) | This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
+| [T0153.006 Content Recommendation Algorithm](../../generated_pages/techniques/T0153.006.md) | This article examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology:
Suavelos uses Facebook and other platforms to amplify its message. In order to bypass the platforms’ community standards and keep their public pages active, Facebook pages such as “I support the police” are a good vehicle to spread a specific agenda without claiming to be racist. In looking back at this Facebook page, we followed Facebook’s algorithm for related pages and found suggested Facebook pages
[...]
This amplification strategy on Facebook is successful, as according to SimilarWeb figures, it attracts around 111,000 visits every month on the Suavelos.eu website.
[...]
Revenue through online advertisements can be achieved by different platforms through targeted advertisements, like Google Adsense or Doubleclick, or related and similar sponsored content, such as Taboola. Accordingly, Suavelos.eu uses both of these websites to display advertisements and consequently receives funding from such advertisements.
Once visitors are on the website supporting its advertisement revenue, Suavelos’ goal is to then turn these visitors into regular members of Suavelos network through donations or fees, or have them continue to support Suavelos.
Suevelos created a variety of pages on Facebook which presented as centring on prosocial causes. Facebook’s algorithm helped direct users to these pages (T0092: Build Network, T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm, T0151.003: Online Community Page, T0143.208: Social Cause Persona).
Suevelos used these pages to generate traffic for their WordPress site (T0122: Direct Users to Alternative Platforms, T0152.003: Website Hosting Platform, T0152.004: Website Asset), which used accounts on a variety of online advertising platforms to host adverts (T0146: Account Asset, T0153.005: Online Advertising Platform). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00109.md b/generated_pages/incidents/I00109.md
index c99825e..0b68a41 100644
--- a/generated_pages/incidents/I00109.md
+++ b/generated_pages/incidents/I00109.md
@@ -21,22 +21,22 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0061 Sell Merchandise](../../generated_pages/techniques/T0061.md) | IT00000430 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
-| [T0097.207 NGO Persona](../../generated_pages/techniques/T0097.207.md) | IT00000431 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
-| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | IT00000424 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
-| [T0148.003 Payment Processing Platform](../../generated_pages/techniques/T0148.003.md) | IT00000421 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
-| [T0148.004 Payment Processing Capability](../../generated_pages/techniques/T0148.004.md) | IT00000420 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
-| [T0148.004 Payment Processing Capability](../../generated_pages/techniques/T0148.004.md) | IT00000429 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
-| [T0149.001 Domain Asset](../../generated_pages/techniques/T0149.001.md) | IT00000428 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
-| [T0149.005 Server Asset](../../generated_pages/techniques/T0149.005.md) | IT00000433 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
-| [T0149.006 IP Address Asset](../../generated_pages/techniques/T0149.006.md) | IT00000434 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
-| [T0150.006 Purchased Asset](../../generated_pages/techniques/T0150.006.md) | IT00000432 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
-| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | IT00000427 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
-| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | IT00000425 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
-| [T0151.009 Legacy Online Forum Platform](../../generated_pages/techniques/T0151.009.md) | IT00000422 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
-| [T0152.004 Website Asset](../../generated_pages/techniques/T0152.004.md) | IT00000419 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
-| [T0152.006 Video Platform](../../generated_pages/techniques/T0152.006.md) | IT00000426 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
-| [T0155 Gated Asset](../../generated_pages/techniques/T0155.md) | IT00000423 This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
+| [T0061 Sell Merchandise](../../generated_pages/techniques/T0061.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
+| [T0097.207 NGO Persona](../../generated_pages/techniques/T0097.207.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
+| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
+| [T0148.003 Payment Processing Platform](../../generated_pages/techniques/T0148.003.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
+| [T0148.004 Payment Processing Capability](../../generated_pages/techniques/T0148.004.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
+| [T0148.004 Payment Processing Capability](../../generated_pages/techniques/T0148.004.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
+| [T0149.001 Domain Asset](../../generated_pages/techniques/T0149.001.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
+| [T0149.005 Server Asset](../../generated_pages/techniques/T0149.005.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
+| [T0149.006 IP Address Asset](../../generated_pages/techniques/T0149.006.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
+| [T0150.006 Purchased Asset](../../generated_pages/techniques/T0150.006.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at technical indicators associated with the Suavelos website, and attributions which can be made as a consequence:
[The Google AdSense tag set up on Suavelos.eu was also found on the following domains, indicating that they are controlled by the same actor;] Alabastro.eu: an online shop to buy “white nationalists” t-shirts [and] ARPAC.eu: the website of a registered non-profit organisation advocating to lift regulation on gun control in France.
Other domains attributed to Suavelos (T0149.001: Domain Asset) reveal a website set up to sell merchandise (T0152.004: Website Asset, T0148.004: Payment Processing Capability, T0061: Sell Merchandise), and a website hosting a registered French non-profit (T0152.004: Website Asset, T0097.207: NGO Persona).
To learn more about the suavelos.eu domain, we collected the following data: The domain is hosted on OVH; The owner’s identity is protected; The IP Address of the server is 94.23.253.173, which is shared with 20 other domains.
The relative low number of websites hosted on this IP address could indicate that they all belong to the same people, and are hosted on the same private server.
Suavelos registered a domain using the web hosting provider OVH (T0149.001: Domain Asset, T0152.003: Website Hosting Platform, T0150.006: Purchased). The site’s IP address reveals a server hosting other domains potentially owned by the actors (T0149.005: Server Asset, T0149.006: IP Address Asset). |
+| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
+| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
+| [T0151.009 Legacy Online Forum Platform](../../generated_pages/techniques/T0151.009.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
+| [T0152.004 Website Asset](../../generated_pages/techniques/T0152.004.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
+| [T0152.006 Video Platform](../../generated_pages/techniques/T0152.006.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
+| [T0155 Gated Asset](../../generated_pages/techniques/T0155.md) | This report examines the white nationalist group Suavelos’ use of Facebook to draw visitors to its website without overtly revealing their racist ideology. This section of the report looks at the Suavelos website, and the content it links out to.
In going back to Suavelos’ main page, we also found: A link to a page on a web shop: alabastro.eu; A link to a page to donate money to the founders through Tipee and to the website through PayPal; [and] a link to a private forum that gathers 3.000 members: oppidum.suavelos.eu;
Suavelos linked out to an online store which it controlled (T0152.004: Website Asset, T0148.004: Payment Processing Capability), and to accounts on payment processing platforms PayPal and Tipee (T0146: Account Asset, T0148.003: Payment Processing Platform).
The Suavelos website also hosted a private forum (T0151.009: Legacy Online Forum Platform, T0155: Gated Asset), and linked out to a variety of assets it controlled on other online platforms: accounts on Twitter (T0146: Account Asset, T0151.008: Microblogging Platform), YouTube (T0146: Account Asset, T0152.006: Video Platform), Instagram and VKontakte (T0146: Account Asset, T0151.001: Social Media Platform). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00110.md b/generated_pages/incidents/I00110.md
index 8c313a4..0e8ee60 100644
--- a/generated_pages/incidents/I00110.md
+++ b/generated_pages/incidents/I00110.md
@@ -21,15 +21,15 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0017 Conduct Fundraising](../../generated_pages/techniques/T0017.md) | IT00000435 The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
-| [T0085.005 Develop Book](../../generated_pages/techniques/T0085.005.md) | IT00000442 The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
-| [T0087 Develop Video-Based Content](../../generated_pages/techniques/T0087.md) | IT00000436 The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
-| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | IT00000439 The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
-| [T0121.001 Bypass Content Blocking](../../generated_pages/techniques/T0121.001.md) | IT00000440 The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
-| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | IT00000438 The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
-| [T0148.006 Crowdfunding Platform](../../generated_pages/techniques/T0148.006.md) | IT00000437 The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
-| [T0148.007 eCommerce Platform](../../generated_pages/techniques/T0148.007.md) | IT00000443 The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
-| [T0152.012 Subscription Service Platform](../../generated_pages/techniques/T0152.012.md) | IT00000441 The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
+| [T0017 Conduct Fundraising](../../generated_pages/techniques/T0017.md) | The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
+| [T0085.005 Develop Book](../../generated_pages/techniques/T0085.005.md) | The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
+| [T0087 Develop Video-Based Content](../../generated_pages/techniques/T0087.md) | The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
+| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
+| [T0121.001 Bypass Content Blocking](../../generated_pages/techniques/T0121.001.md) | The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
+| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
+| [T0148.006 Crowdfunding Platform](../../generated_pages/techniques/T0148.006.md) | The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
+| [T0148.007 eCommerce Platform](../../generated_pages/techniques/T0148.007.md) | The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
+| [T0152.012 Subscription Service Platform](../../generated_pages/techniques/T0152.012.md) | The EU Disinfo Lab produced a report into disinformation published on crowdfunding platforms:
More worrisome is the direct monetisation of disinformation happening on crowdfunding platforms: on Kickstarter, we found a user openly raising money for a documentary project suggesting that COVID-19 is a conspiracy.
A Kickstarter user attempted to use the platform to fund production of a documentary (T0017: Conduct Fundraising, T0087: Develop Video-Based Content, T0146: Account Asset, T0148.006: Crowdfunding Platform).
On Patreon, we found several instances of direct monetisation of COVID-19 disinformation, including posts promoting a device allegedly protecting against COVID-19 and 5G, as well as posts related to the “Plandemic” conspiracy video, which gained attention on YouTube before being removed by the platform.
We also found an account called “Stranger than fiction” entirely dedicated to disinformation, which openly states that their content was “Banned by screwtube and fakebook, our videos have been viewed over a billion times.”
The “Stranger than fiction” user presented itself as an alternative news source which had been banned from other platforms (T0146: Account Asset, T0097.202: News Outlet Persona, T0121.001: Bypass Content Bocking, T0152.012: Subscription Service Platform).
On the US-based crowdfunding platform IndieGogo, EU DisinfoLab found a successful crowdfunding campaign of €133.903 for a book called Revolution Q. This book, now also available on Amazon, claims to be “Written for both newcomers and long-time QAnon fans alike, this book is a treasure-trove of information designed to help everyone weather The Storm.”
An IndieGogo account was used to gather funds to produce a book on QAnon (T0017: Conduct Fundraising, T0085.005: Develop Book, T0146: Account Asset, T0148.006: Crowdfunding Platform), with the book later sold on Amazon marketplace (T0148.007: eCommerce Platform). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00111.md b/generated_pages/incidents/I00111.md
index 52766bd..590d04e 100644
--- a/generated_pages/incidents/I00111.md
+++ b/generated_pages/incidents/I00111.md
@@ -21,13 +21,13 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0085 Develop Text-Based Content](../../generated_pages/techniques/T0085.md) | IT00000444 In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
-| [T0087 Develop Video-Based Content](../../generated_pages/techniques/T0087.md) | IT00000445 In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
-| [T0088 Develop Audio-Based Content](../../generated_pages/techniques/T0088.md) | IT00000446 In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
-| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | IT00000447 In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
-| [T0151.014 Comments Section](../../generated_pages/techniques/T0151.014.md) | IT00000449 In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
-| [T0152.012 Subscription Service Platform](../../generated_pages/techniques/T0152.012.md) | IT00000448 In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
-| [T0155.006 Subscription Access Asset](../../generated_pages/techniques/T0155.006.md) | IT00000450 In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
+| [T0085 Develop Text-Based Content](../../generated_pages/techniques/T0085.md) | In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
+| [T0087 Develop Video-Based Content](../../generated_pages/techniques/T0087.md) | In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
+| [T0088 Develop Audio-Based Content](../../generated_pages/techniques/T0088.md) | In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
+| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
+| [T0151.014 Comments Section](../../generated_pages/techniques/T0151.014.md) | In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
+| [T0152.012 Subscription Service Platform](../../generated_pages/techniques/T0152.012.md) | In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
+| [T0155.006 Subscription Access Asset](../../generated_pages/techniques/T0155.006.md) | In this article VICE News discusses a report produced by Advance Democracy on people who use Patreon to spread the false claim that an impending ice age will reverse the harms of the ongoing climate crisis:
“The spread of climate misinformation is prolific on social media, as well as on sites like Patreon, where users are actually financially compensated through the platform for spreading falsehoods,” Daniel Jones, president of Advance Democracy, told VICE News.
“Companies hosting and promoting climate misinformation have a responsibility to take action to reduce dangerous misinformation, as falsehoods about climate science are every bit as dangerous as lies about vaccinations and disinformation about our elections.”
Patreon did not respond to VICE News’ request for comment on the report’s findings.
One of the biggest accounts spreading climate conspiracies is ADAPT 2030, which is run by David DuByne, who has 1,100 followers on Patreon. He is currently making over $3,500 every month from his subscribers.
[The science DuByne relies on does not support his hypothesis. However,] this has not prevented DuByne and many others from preying on people’s fears about climate change to spread conspiracies about an impending ice age, which they say will miraculously fix all of earth’s climate problems.
DuByne offers seven different membership levels for supporters, beginning at just $1 per month.
The most expensive costs $100 a month, and gives patrons “a private 20-minute call with David DuByne once per month, to discuss your particular preparedness issues or concerns.” So far just two people are paying this amount.
The researchers also found at least eight other accounts on Patreon that have spread climate change conspiracy theories as part of wider conspiracy sharing, including baseless claims about COVID-19 and the legitimacy of Joe Biden’s presidency. Some of these accounts are earning over $600 per month.
David DuByne created an account on Patreon, which he uses to post text, videos, and podcasts for his subscribers to discuss (T0085: Develop Text-Based Content, T0087: Develop Video-Based Content, T0088: Develop Audio-Based Content, T0146: Account Asset, T0115: Post Content, T0152.012: Subscription Service Platform, T0151.014: Comments Section, T0155.006: Subscription Access Asset). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00112.md b/generated_pages/incidents/I00112.md
index 7a1df02..1a20f1a 100644
--- a/generated_pages/incidents/I00112.md
+++ b/generated_pages/incidents/I00112.md
@@ -21,9 +21,9 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0121.001 Bypass Content Blocking](../../generated_pages/techniques/T0121.001.md) | IT00000452 In this report EU DisinfoLab identified 17 Spanish accounts that monetise and/or spread QAnon content or other conspiracy theories on Patreon. Content produced by these accounts go against Patreon’s stated policy of removing creators that “advance disinformation promoting the QAnon conspiracy theory”. EU DisinfoLab found:
In most cases, the creators monetise the content directly on Patreon (posts are only accessible for people sponsoring the creators) but there are also cases of indirect monetization (monetization through links leading to other platforms), an aspect that was flagged and analysed by Eu DisinfoLab in the mentioned previous report.
Some creators display links that redirects users to other platforms such as YouTube or LBRY where they can monetise their content. Some even offer almost all of their videos for free by redirecting to their YouTube channel.
Another modus operandi is for the creators to advertise on Patreon that they are looking for financing through PayPal or provide the author’s email to explore other financing alternatives.
[...]
Sometimes the content offered for a fee on Patreon is freely accessible on other platforms. Creators openly explain that they seek voluntary donation on Patreon, but that their creations will be public on YouTube. This means that the model of these platforms does not always involve a direct monetisation of the content. Creators who have built a strong reputation previously on other platforms can use Patreon as a platform to get some sponsorship which is not related to the content and give them more freedom to create.
Some users explicitly claim to use Patreon as a secondary channel to evade “censorship” by other platforms such as YouTube. Patreon seems to be perceived as a safe haven for disinformation and fringe content that has been suppressed for violating the policies of other platforms. For example, Jorge Guerra points out how Patreon acts as a back-up channel to go to in case of censorship by YouTube. Meanwhile, Alfa Mind openly claims to use Patreon to publish content that is not allowed on YouTube. “Exclusive access to videos that are prohibited on YouTube. These videos are only accessible on Patreon, as their content is very explicit and shocking”, are offered to the patrons who pay €3 per month.
In spite of Patreon’s stated policy, actors use accounts on their platform to generate revenue or donations for their content, and to provide a space to host content which was removed from other platforms (T0146: Account Asset, T0152.012: Subscription Service Platform, T0121.001: Bypass Content Bocking).
Some actors were observed accepting donations via PayPal (T0146: Account Asset, T0148.003: Payment Processing Platform). |
-| [T0148.003 Payment Processing Platform](../../generated_pages/techniques/T0148.003.md) | IT00000451 In this report EU DisinfoLab identified 17 Spanish accounts that monetise and/or spread QAnon content or other conspiracy theories on Patreon. Content produced by these accounts go against Patreon’s stated policy of removing creators that “advance disinformation promoting the QAnon conspiracy theory”. EU DisinfoLab found:
In most cases, the creators monetise the content directly on Patreon (posts are only accessible for people sponsoring the creators) but there are also cases of indirect monetization (monetization through links leading to other platforms), an aspect that was flagged and analysed by Eu DisinfoLab in the mentioned previous report.
Some creators display links that redirects users to other platforms such as YouTube or LBRY where they can monetise their content. Some even offer almost all of their videos for free by redirecting to their YouTube channel.
Another modus operandi is for the creators to advertise on Patreon that they are looking for financing through PayPal or provide the author’s email to explore other financing alternatives.
[...]
Sometimes the content offered for a fee on Patreon is freely accessible on other platforms. Creators openly explain that they seek voluntary donation on Patreon, but that their creations will be public on YouTube. This means that the model of these platforms does not always involve a direct monetisation of the content. Creators who have built a strong reputation previously on other platforms can use Patreon as a platform to get some sponsorship which is not related to the content and give them more freedom to create.
Some users explicitly claim to use Patreon as a secondary channel to evade “censorship” by other platforms such as YouTube. Patreon seems to be perceived as a safe haven for disinformation and fringe content that has been suppressed for violating the policies of other platforms. For example, Jorge Guerra points out how Patreon acts as a back-up channel to go to in case of censorship by YouTube. Meanwhile, Alfa Mind openly claims to use Patreon to publish content that is not allowed on YouTube. “Exclusive access to videos that are prohibited on YouTube. These videos are only accessible on Patreon, as their content is very explicit and shocking”, are offered to the patrons who pay €3 per month.
In spite of Patreon’s stated policy, actors use accounts on their platform to generate revenue or donations for their content, and to provide a space to host content which was removed from other platforms (T0146: Account Asset, T0152.012: Subscription Service Platform, T0121.001: Bypass Content Bocking).
Some actors were observed accepting donations via PayPal (T0146: Account Asset, T0148.003: Payment Processing Platform). |
-| [T0152.012 Subscription Service Platform](../../generated_pages/techniques/T0152.012.md) | IT00000453 In this report EU DisinfoLab identified 17 Spanish accounts that monetise and/or spread QAnon content or other conspiracy theories on Patreon. Content produced by these accounts go against Patreon’s stated policy of removing creators that “advance disinformation promoting the QAnon conspiracy theory”. EU DisinfoLab found:
In most cases, the creators monetise the content directly on Patreon (posts are only accessible for people sponsoring the creators) but there are also cases of indirect monetization (monetization through links leading to other platforms), an aspect that was flagged and analysed by Eu DisinfoLab in the mentioned previous report.
Some creators display links that redirects users to other platforms such as YouTube or LBRY where they can monetise their content. Some even offer almost all of their videos for free by redirecting to their YouTube channel.
Another modus operandi is for the creators to advertise on Patreon that they are looking for financing through PayPal or provide the author’s email to explore other financing alternatives.
[...]
Sometimes the content offered for a fee on Patreon is freely accessible on other platforms. Creators openly explain that they seek voluntary donation on Patreon, but that their creations will be public on YouTube. This means that the model of these platforms does not always involve a direct monetisation of the content. Creators who have built a strong reputation previously on other platforms can use Patreon as a platform to get some sponsorship which is not related to the content and give them more freedom to create.
Some users explicitly claim to use Patreon as a secondary channel to evade “censorship” by other platforms such as YouTube. Patreon seems to be perceived as a safe haven for disinformation and fringe content that has been suppressed for violating the policies of other platforms. For example, Jorge Guerra points out how Patreon acts as a back-up channel to go to in case of censorship by YouTube. Meanwhile, Alfa Mind openly claims to use Patreon to publish content that is not allowed on YouTube. “Exclusive access to videos that are prohibited on YouTube. These videos are only accessible on Patreon, as their content is very explicit and shocking”, are offered to the patrons who pay €3 per month.
In spite of Patreon’s stated policy, actors use accounts on their platform to generate revenue or donations for their content, and to provide a space to host content which was removed from other platforms (T0146: Account Asset, T0152.012: Subscription Service Platform, T0121.001: Bypass Content Bocking).
Some actors were observed accepting donations via PayPal (T0146: Account Asset, T0148.003: Payment Processing Platform). |
+| [T0121.001 Bypass Content Blocking](../../generated_pages/techniques/T0121.001.md) | In this report EU DisinfoLab identified 17 Spanish accounts that monetise and/or spread QAnon content or other conspiracy theories on Patreon. Content produced by these accounts go against Patreon’s stated policy of removing creators that “advance disinformation promoting the QAnon conspiracy theory”. EU DisinfoLab found:
In most cases, the creators monetise the content directly on Patreon (posts are only accessible for people sponsoring the creators) but there are also cases of indirect monetization (monetization through links leading to other platforms), an aspect that was flagged and analysed by Eu DisinfoLab in the mentioned previous report.
Some creators display links that redirects users to other platforms such as YouTube or LBRY where they can monetise their content. Some even offer almost all of their videos for free by redirecting to their YouTube channel.
Another modus operandi is for the creators to advertise on Patreon that they are looking for financing through PayPal or provide the author’s email to explore other financing alternatives.
[...]
Sometimes the content offered for a fee on Patreon is freely accessible on other platforms. Creators openly explain that they seek voluntary donation on Patreon, but that their creations will be public on YouTube. This means that the model of these platforms does not always involve a direct monetisation of the content. Creators who have built a strong reputation previously on other platforms can use Patreon as a platform to get some sponsorship which is not related to the content and give them more freedom to create.
Some users explicitly claim to use Patreon as a secondary channel to evade “censorship” by other platforms such as YouTube. Patreon seems to be perceived as a safe haven for disinformation and fringe content that has been suppressed for violating the policies of other platforms. For example, Jorge Guerra points out how Patreon acts as a back-up channel to go to in case of censorship by YouTube. Meanwhile, Alfa Mind openly claims to use Patreon to publish content that is not allowed on YouTube. “Exclusive access to videos that are prohibited on YouTube. These videos are only accessible on Patreon, as their content is very explicit and shocking”, are offered to the patrons who pay €3 per month.
In spite of Patreon’s stated policy, actors use accounts on their platform to generate revenue or donations for their content, and to provide a space to host content which was removed from other platforms (T0146: Account Asset, T0152.012: Subscription Service Platform, T0121.001: Bypass Content Bocking).
Some actors were observed accepting donations via PayPal (T0146: Account Asset, T0148.003: Payment Processing Platform). |
+| [T0148.003 Payment Processing Platform](../../generated_pages/techniques/T0148.003.md) | In this report EU DisinfoLab identified 17 Spanish accounts that monetise and/or spread QAnon content or other conspiracy theories on Patreon. Content produced by these accounts go against Patreon’s stated policy of removing creators that “advance disinformation promoting the QAnon conspiracy theory”. EU DisinfoLab found:
In most cases, the creators monetise the content directly on Patreon (posts are only accessible for people sponsoring the creators) but there are also cases of indirect monetization (monetization through links leading to other platforms), an aspect that was flagged and analysed by Eu DisinfoLab in the mentioned previous report.
Some creators display links that redirects users to other platforms such as YouTube or LBRY where they can monetise their content. Some even offer almost all of their videos for free by redirecting to their YouTube channel.
Another modus operandi is for the creators to advertise on Patreon that they are looking for financing through PayPal or provide the author’s email to explore other financing alternatives.
[...]
Sometimes the content offered for a fee on Patreon is freely accessible on other platforms. Creators openly explain that they seek voluntary donation on Patreon, but that their creations will be public on YouTube. This means that the model of these platforms does not always involve a direct monetisation of the content. Creators who have built a strong reputation previously on other platforms can use Patreon as a platform to get some sponsorship which is not related to the content and give them more freedom to create.
Some users explicitly claim to use Patreon as a secondary channel to evade “censorship” by other platforms such as YouTube. Patreon seems to be perceived as a safe haven for disinformation and fringe content that has been suppressed for violating the policies of other platforms. For example, Jorge Guerra points out how Patreon acts as a back-up channel to go to in case of censorship by YouTube. Meanwhile, Alfa Mind openly claims to use Patreon to publish content that is not allowed on YouTube. “Exclusive access to videos that are prohibited on YouTube. These videos are only accessible on Patreon, as their content is very explicit and shocking”, are offered to the patrons who pay €3 per month.
In spite of Patreon’s stated policy, actors use accounts on their platform to generate revenue or donations for their content, and to provide a space to host content which was removed from other platforms (T0146: Account Asset, T0152.012: Subscription Service Platform, T0121.001: Bypass Content Bocking).
Some actors were observed accepting donations via PayPal (T0146: Account Asset, T0148.003: Payment Processing Platform). |
+| [T0152.012 Subscription Service Platform](../../generated_pages/techniques/T0152.012.md) | In this report EU DisinfoLab identified 17 Spanish accounts that monetise and/or spread QAnon content or other conspiracy theories on Patreon. Content produced by these accounts go against Patreon’s stated policy of removing creators that “advance disinformation promoting the QAnon conspiracy theory”. EU DisinfoLab found:
In most cases, the creators monetise the content directly on Patreon (posts are only accessible for people sponsoring the creators) but there are also cases of indirect monetization (monetization through links leading to other platforms), an aspect that was flagged and analysed by Eu DisinfoLab in the mentioned previous report.
Some creators display links that redirects users to other platforms such as YouTube or LBRY where they can monetise their content. Some even offer almost all of their videos for free by redirecting to their YouTube channel.
Another modus operandi is for the creators to advertise on Patreon that they are looking for financing through PayPal or provide the author’s email to explore other financing alternatives.
[...]
Sometimes the content offered for a fee on Patreon is freely accessible on other platforms. Creators openly explain that they seek voluntary donation on Patreon, but that their creations will be public on YouTube. This means that the model of these platforms does not always involve a direct monetisation of the content. Creators who have built a strong reputation previously on other platforms can use Patreon as a platform to get some sponsorship which is not related to the content and give them more freedom to create.
Some users explicitly claim to use Patreon as a secondary channel to evade “censorship” by other platforms such as YouTube. Patreon seems to be perceived as a safe haven for disinformation and fringe content that has been suppressed for violating the policies of other platforms. For example, Jorge Guerra points out how Patreon acts as a back-up channel to go to in case of censorship by YouTube. Meanwhile, Alfa Mind openly claims to use Patreon to publish content that is not allowed on YouTube. “Exclusive access to videos that are prohibited on YouTube. These videos are only accessible on Patreon, as their content is very explicit and shocking”, are offered to the patrons who pay €3 per month.
In spite of Patreon’s stated policy, actors use accounts on their platform to generate revenue or donations for their content, and to provide a space to host content which was removed from other platforms (T0146: Account Asset, T0152.012: Subscription Service Platform, T0121.001: Bypass Content Bocking).
Some actors were observed accepting donations via PayPal (T0146: Account Asset, T0148.003: Payment Processing Platform). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00113.md b/generated_pages/incidents/I00113.md
index 6626ab0..6889665 100644
--- a/generated_pages/incidents/I00113.md
+++ b/generated_pages/incidents/I00113.md
@@ -21,16 +21,16 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0121 Manipulate Platform Algorithm](../../generated_pages/techniques/T0121.md) | IT00000459 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
-| [T0129.005 Coordinate on Encrypted/Closed Networks](../../generated_pages/techniques/T0129.005.md) | IT00000456 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
-| [T0146.003 Verified Account Asset](../../generated_pages/techniques/T0146.003.md) | IT00000461 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”. The report touches upon how actors gained access to twitter accounts, and what personas they presented:
Verified accounts are complicit. One influencer we spoke to mentioned that the people who own coveted “blue check” accounts will often rent them out for disinformation campaigns. These verified accounts can improve the campaign’s chances of trending. Says one interviewee: “The owner of the account usually receives a cut of the campaign loot”.
[...]
Many of the accounts we examined appear to give an aura of authenticity, but in reality they are not authentic. Simply looking at their date of creation won’t give you a hint as to their purpose. We had to dig deeper. The profile pictures and content of some of the accounts gave us the answers we were looking for. A common tactic these accounts utilize is using suggestive pictures of women to bait men into following them, or at least pay attention. In terms of content, many of these accounts tweeted off the same hashtags for days on end and will constantly retweet a specific set of accounts.
Actors participating in this operation rented out verified Twitter accounts (in 2021 a checkmark on Twitter verified a user’s identity), which were repurposed and used updated account imagery (T0146.003: Verified Account Asset, T0150.007: Rented Asset, T0150.004: Repurposed Asset, T00145.006: Attractive Person Account Imagery). |
-| [T0148.001 Online Banking Platform](../../generated_pages/techniques/T0148.001.md) | IT00000455 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
-| [T0148.002 Bank Account Asset](../../generated_pages/techniques/T0148.002.md) | IT00000454 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
-| [T0150.004 Repurposed Asset](../../generated_pages/techniques/T0150.004.md) | IT00000463 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”. The report touches upon how actors gained access to twitter accounts, and what personas they presented:
Verified accounts are complicit. One influencer we spoke to mentioned that the people who own coveted “blue check” accounts will often rent them out for disinformation campaigns. These verified accounts can improve the campaign’s chances of trending. Says one interviewee: “The owner of the account usually receives a cut of the campaign loot”.
[...]
Many of the accounts we examined appear to give an aura of authenticity, but in reality they are not authentic. Simply looking at their date of creation won’t give you a hint as to their purpose. We had to dig deeper. The profile pictures and content of some of the accounts gave us the answers we were looking for. A common tactic these accounts utilize is using suggestive pictures of women to bait men into following them, or at least pay attention. In terms of content, many of these accounts tweeted off the same hashtags for days on end and will constantly retweet a specific set of accounts.
Actors participating in this operation rented out verified Twitter accounts (in 2021 a checkmark on Twitter verified a user’s identity), which were repurposed and used updated account imagery (T0146.003: Verified Account Asset, T0150.007: Rented Asset, T0150.004: Repurposed Asset, T00145.006: Attractive Person Account Imagery). |
-| [T0150.007 Rented Asset](../../generated_pages/techniques/T0150.007.md) | IT00000462 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”. The report touches upon how actors gained access to twitter accounts, and what personas they presented:
Verified accounts are complicit. One influencer we spoke to mentioned that the people who own coveted “blue check” accounts will often rent them out for disinformation campaigns. These verified accounts can improve the campaign’s chances of trending. Says one interviewee: “The owner of the account usually receives a cut of the campaign loot”.
[...]
Many of the accounts we examined appear to give an aura of authenticity, but in reality they are not authentic. Simply looking at their date of creation won’t give you a hint as to their purpose. We had to dig deeper. The profile pictures and content of some of the accounts gave us the answers we were looking for. A common tactic these accounts utilize is using suggestive pictures of women to bait men into following them, or at least pay attention. In terms of content, many of these accounts tweeted off the same hashtags for days on end and will constantly retweet a specific set of accounts.
Actors participating in this operation rented out verified Twitter accounts (in 2021 a checkmark on Twitter verified a user’s identity), which were repurposed and used updated account imagery (T0146.003: Verified Account Asset, T0150.007: Rented Asset, T0150.004: Repurposed Asset, T00145.006: Attractive Person Account Imagery). |
-| [T0151.004 Chat Platform](../../generated_pages/techniques/T0151.004.md) | IT00000458 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
-| [T0151.007 Chat Broadcast Group](../../generated_pages/techniques/T0151.007.md) | IT00000457 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
-| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | IT00000460 Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
+| [T0121 Manipulate Platform Algorithm](../../generated_pages/techniques/T0121.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
+| [T0129.005 Coordinate on Encrypted/Closed Networks](../../generated_pages/techniques/T0129.005.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
+| [T0146.003 Verified Account Asset](../../generated_pages/techniques/T0146.003.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”. The report touches upon how actors gained access to twitter accounts, and what personas they presented:
Verified accounts are complicit. One influencer we spoke to mentioned that the people who own coveted “blue check” accounts will often rent them out for disinformation campaigns. These verified accounts can improve the campaign’s chances of trending. Says one interviewee: “The owner of the account usually receives a cut of the campaign loot”.
[...]
Many of the accounts we examined appear to give an aura of authenticity, but in reality they are not authentic. Simply looking at their date of creation won’t give you a hint as to their purpose. We had to dig deeper. The profile pictures and content of some of the accounts gave us the answers we were looking for. A common tactic these accounts utilize is using suggestive pictures of women to bait men into following them, or at least pay attention. In terms of content, many of these accounts tweeted off the same hashtags for days on end and will constantly retweet a specific set of accounts.
Actors participating in this operation rented out verified Twitter accounts (in 2021 a checkmark on Twitter verified a user’s identity), which were repurposed and used updated account imagery (T0146.003: Verified Account Asset, T0150.007: Rented Asset, T0150.004: Repurposed Asset, T00145.006: Attractive Person Account Imagery). |
+| [T0148.001 Online Banking Platform](../../generated_pages/techniques/T0148.001.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
+| [T0148.002 Bank Account Asset](../../generated_pages/techniques/T0148.002.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
+| [T0150.004 Repurposed Asset](../../generated_pages/techniques/T0150.004.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”. The report touches upon how actors gained access to twitter accounts, and what personas they presented:
Verified accounts are complicit. One influencer we spoke to mentioned that the people who own coveted “blue check” accounts will often rent them out for disinformation campaigns. These verified accounts can improve the campaign’s chances of trending. Says one interviewee: “The owner of the account usually receives a cut of the campaign loot”.
[...]
Many of the accounts we examined appear to give an aura of authenticity, but in reality they are not authentic. Simply looking at their date of creation won’t give you a hint as to their purpose. We had to dig deeper. The profile pictures and content of some of the accounts gave us the answers we were looking for. A common tactic these accounts utilize is using suggestive pictures of women to bait men into following them, or at least pay attention. In terms of content, many of these accounts tweeted off the same hashtags for days on end and will constantly retweet a specific set of accounts.
Actors participating in this operation rented out verified Twitter accounts (in 2021 a checkmark on Twitter verified a user’s identity), which were repurposed and used updated account imagery (T0146.003: Verified Account Asset, T0150.007: Rented Asset, T0150.004: Repurposed Asset, T00145.006: Attractive Person Account Imagery). |
+| [T0150.007 Rented Asset](../../generated_pages/techniques/T0150.007.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”. The report touches upon how actors gained access to twitter accounts, and what personas they presented:
Verified accounts are complicit. One influencer we spoke to mentioned that the people who own coveted “blue check” accounts will often rent them out for disinformation campaigns. These verified accounts can improve the campaign’s chances of trending. Says one interviewee: “The owner of the account usually receives a cut of the campaign loot”.
[...]
Many of the accounts we examined appear to give an aura of authenticity, but in reality they are not authentic. Simply looking at their date of creation won’t give you a hint as to their purpose. We had to dig deeper. The profile pictures and content of some of the accounts gave us the answers we were looking for. A common tactic these accounts utilize is using suggestive pictures of women to bait men into following them, or at least pay attention. In terms of content, many of these accounts tweeted off the same hashtags for days on end and will constantly retweet a specific set of accounts.
Actors participating in this operation rented out verified Twitter accounts (in 2021 a checkmark on Twitter verified a user’s identity), which were repurposed and used updated account imagery (T0146.003: Verified Account Asset, T0150.007: Rented Asset, T0150.004: Repurposed Asset, T00145.006: Attractive Person Account Imagery). |
+| [T0151.004 Chat Platform](../../generated_pages/techniques/T0151.004.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
+| [T0151.007 Chat Broadcast Group](../../generated_pages/techniques/T0151.007.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
+| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”, and giving insight into operations’ operationalisation:
In our interviews with one of the influencers, they informed us of the agile tactics they use to organize and avoid detection. For example, when it’s time to carry out the campaign the influencers would be added to a Whatsapp group. Here, they received direction about what to post, the hashtags to use, which tweets to engage with and who to target. Synchronizing the tweets was also incredibly important for them. It’s what enables them to achieve their goal of trending on Twitter and gain amplification.
[...]
They revealed to us that those participating in the exercise are paid roughly between $10 and $15 to participate in three campaigns per day. Each campaign execution involves tweeting about the hashtags of the day until it appears on the trending section of Twitter. Additionally, some individuals have managed to reach retainer level and get paid about $250 per month. Their job is to make sure the campaigns are executed on a day-by-day basis with different hashtags.
An M-PESA account (T0148.002: Bank Account Asset, T0148.001: Online Banking Platform) was used to pay campaign participants.
Participants were organised in WhatsApp groups (T0129.005: Coordinate on Encrypted/Closed Networks, T0151.007: Chat Broadcast Group, T0151.004: Chat Platform), in which they planned how to get campaign content trending on Twitter (T0121: Manipulate Platform Algorithm, T0151.008: Microblogging Platform). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00114.md b/generated_pages/incidents/I00114.md
index 91deea6..2a7335a 100644
--- a/generated_pages/incidents/I00114.md
+++ b/generated_pages/incidents/I00114.md
@@ -21,12 +21,12 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.208 Social Cause Persona](../../generated_pages/techniques/T0097.208.md) | IT00000468 This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
-| [T0114 Deliver Ads](../../generated_pages/techniques/T0114.md) | IT00000469 This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
-| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | IT00000465 This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
-| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | IT00000466 This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
-| [T0153.005 Online Advertising Platform](../../generated_pages/techniques/T0153.005.md) | IT00000470 This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
-| [T0153.006 Content Recommendation Algorithm](../../generated_pages/techniques/T0153.006.md) | IT00000467 This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
+| [T0097.208 Social Cause Persona](../../generated_pages/techniques/T0097.208.md) | This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
+| [T0114 Deliver Ads](../../generated_pages/techniques/T0114.md) | This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
+| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
+| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
+| [T0153.005 Online Advertising Platform](../../generated_pages/techniques/T0153.005.md) | This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
+| [T0153.006 Content Recommendation Algorithm](../../generated_pages/techniques/T0153.006.md) | This report examines internal Facebook communications which reveal employees’ concerns about how the platform’s algorithm was recommending users join extremist conspiracy groups.
In summer 2019, a new Facebook user named Carol Smith signed up for the platform, describing herself as a politically conservative mother from Wilmington, North Carolina. Smith’s account indicated an interest in politics, parenting and Christianity and followed a few of her favorite brands, including Fox News and then-President Donald Trump.
Though Smith had never expressed interest in conspiracy theories, in just two days Facebook was recommending she join groups dedicated to QAnon, a sprawling and baseless conspiracy theory and movement that claimed Trump was secretly saving the world from a cabal of pedophiles and Satanists.
Smith didn’t follow the recommended QAnon groups, but whatever algorithm Facebook was using to determine how she should engage with the platform pushed ahead just the same. Within one week, Smith’s feed was full of groups and pages that had violated Facebook’s own rules, including those against hate speech and disinformation.
Smith wasn’t a real person. A researcher employed by Facebook invented the account, along with those of other fictitious “test users” in 2019 and 2020, as part of an experiment in studying the platform’s role in misinforming and polarizing users through its recommendations systems.
That researcher said Smith’s Facebook experience was “a barrage of extreme, conspiratorial, and graphic content.”
Facebook’s Algorithm suggested users join groups which supported the QAnon movement (T0151.001: Social Media Platform, T0151.002: Online Community Group, T0153.006: Content Recommendation Algorithm, T0097.208: Social Cause Persona).
Further investigation by Facebook uncovered that its advertising platform had been used to promote QAnon narratives (T0146: Account Asset, T0114: Deliver Ads, T0153.005: Online Advertising Platform):
For years, company researchers had been running experiments like Carol Smith’s to gauge the platform’s hand in radicalizing users, according to the documents seen by NBC News.
This internal work repeatedly found that recommendation tools pushed users into extremist groups, findings that helped inform policy changes and tweaks to recommendations and news feed rankings. Those rankings are a tentacled, ever-evolving system widely known as “the algorithm” that pushes content to users. But the research at that time stopped well short of inspiring any movement to change the groups and pages themselves.
That reluctance was indicative of “a pattern at Facebook,” Haugen told reporters this month. “They want the shortest path between their current policies and any action.”
[...]
By summer 2020, Facebook was hosting thousands of private QAnon groups and pages, with millions of members and followers, according to an unreleased internal investigation.
A year after the FBI designated QAnon as a potential domestic terrorist threat in the wake of standoffs, alleged planned kidnappings, harassment campaigns and shootings, Facebook labeled QAnon a “Violence Inciting Conspiracy Network” and banned it from the platform, along with militias and other violent social movements. A small team working across several of Facebook’s departments found its platforms had hosted hundreds of ads on Facebook and Instagram worth thousands of dollars and millions of views, “praising, supporting, or representing” the conspiracy theory.
[...]
For many employees inside Facebook, the enforcement came too late, according to posts left on Workplace, the company’s internal message board.
“We’ve known for over a year now that our recommendation systems can very quickly lead users down the path to conspiracy theories and groups,” one integrity researcher, whose name had been redacted, wrote in a post announcing she was leaving the company. “This fringe group has grown to national prominence, with QAnon congressional candidates and QAnon hashtags and groups trending in the mainstream. We were willing to act only * after * things had spiraled into a dire state.”
While Facebook’s ban initially appeared effective, a problem remained: The removal of groups and pages didn’t wipe out QAnon’s most extreme followers, who continued to organize on the platform.
“There was enough evidence to raise red flags in the expert community that Facebook and other platforms failed to address QAnon’s violent extremist dimension,” said Marc-André Argentino, a research fellow at King’s College London’s International Centre for the Study of Radicalisation, who has extensively studied QAnon.
Believers simply rebranded as anti-child-trafficking groups or migrated to other communities, including those around the anti-vaccine movement.
[...]
These conspiracy groups had become the fastest-growing groups on Facebook, according to the report, but Facebook wasn’t able to control their “meteoric growth,” the researchers wrote, “because we were looking at each entity individually, rather than as a cohesive movement.” A Facebook spokesperson told BuzzFeed News it took many steps to limit election misinformation but that it was unable to catch everything. |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00115.md b/generated_pages/incidents/I00115.md
index 9c0f9fd..d7f9ed7 100644
--- a/generated_pages/incidents/I00115.md
+++ b/generated_pages/incidents/I00115.md
@@ -21,8 +21,8 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | IT00000471 This 2021 report by The Washington Post explains the mechanics of Facebook’s algorithm (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm):
In its early years, Facebook’s algorithm prioritized signals such as likes, clicks and comments to decide which posts to amplify. Publishers, brands and individual users soon learned how to craft posts and headlines designed to induce likes and clicks, giving rise to what came to be known as “clickbait.” By 2013, upstart publishers such as Upworthy and ViralNova were amassing tens of millions of readers with articles designed specifically to game Facebook’s news feed algorithm.
Facebook realized that users were growing wary of misleading teaser headlines, and the company recalibrated its algorithm in 2014 and 2015 to downgrade clickbait and focus on new metrics, such as the amount of time a user spent reading a story or watching a video, and incorporating surveys on what content users found most valuable. Around the same time, its executives identified video as a business priority, and used the algorithm to boost “native” videos shared directly to Facebook. By the mid-2010s, the news feed had tilted toward slick, professionally produced content, especially videos that would hold people’s attention.
In 2016, however, Facebook executives grew worried about a decline in “original sharing.” Users were spending so much time passively watching and reading that they weren’t interacting with each other as much. Young people in particular shifted their personal conversations to rivals such as Snapchat that offered more intimacy.
Once again, Facebook found its answer in the algorithm: It developed a new set of goal metrics that it called “meaningful social interactions,” designed to show users more posts from friends and family, and fewer from big publishers and brands. In particular, the algorithm began to give outsize weight to posts that sparked lots of comments and replies.
The downside of this approach was that the posts that sparked the most comments tended to be the ones that made people angry or offended them, the documents show. Facebook became an angrier, more polarizing place. It didn’t help that, starting in 2017, the algorithm had assigned reaction emoji — including the angry emoji — five times the weight of a simple “like,” according to company documents.
[...]
Internal documents show Facebook researchers found that, for the most politically oriented 1 million American users, nearly 90 percent of the content that Facebook shows them is about politics and social issues. Those groups also received the most misinformation, especially a set of users associated with mostly right-leaning content, who were shown one misinformation post out of every 40, according to a document from June 2020.
One takeaway is that Facebook’s algorithm isn’t a runaway train. The company may not directly control what any given user posts, but by choosing which types of posts will be seen, it sculpts the information landscape according to its business priorities. Some within the company would like to see Facebook use the algorithm to explicitly promote certain values, such as democracy and civil discourse. Others have suggested that it develop and prioritize new metrics that align with users’ values, as with a 2020 experiment in which the algorithm was trained to predict what posts they would find “good for the world” and “bad for the world,” and optimize for the former. |
-| [T0153.006 Content Recommendation Algorithm](../../generated_pages/techniques/T0153.006.md) | IT00000472 This 2021 report by The Washington Post explains the mechanics of Facebook’s algorithm (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm):
In its early years, Facebook’s algorithm prioritized signals such as likes, clicks and comments to decide which posts to amplify. Publishers, brands and individual users soon learned how to craft posts and headlines designed to induce likes and clicks, giving rise to what came to be known as “clickbait.” By 2013, upstart publishers such as Upworthy and ViralNova were amassing tens of millions of readers with articles designed specifically to game Facebook’s news feed algorithm.
Facebook realized that users were growing wary of misleading teaser headlines, and the company recalibrated its algorithm in 2014 and 2015 to downgrade clickbait and focus on new metrics, such as the amount of time a user spent reading a story or watching a video, and incorporating surveys on what content users found most valuable. Around the same time, its executives identified video as a business priority, and used the algorithm to boost “native” videos shared directly to Facebook. By the mid-2010s, the news feed had tilted toward slick, professionally produced content, especially videos that would hold people’s attention.
In 2016, however, Facebook executives grew worried about a decline in “original sharing.” Users were spending so much time passively watching and reading that they weren’t interacting with each other as much. Young people in particular shifted their personal conversations to rivals such as Snapchat that offered more intimacy.
Once again, Facebook found its answer in the algorithm: It developed a new set of goal metrics that it called “meaningful social interactions,” designed to show users more posts from friends and family, and fewer from big publishers and brands. In particular, the algorithm began to give outsize weight to posts that sparked lots of comments and replies.
The downside of this approach was that the posts that sparked the most comments tended to be the ones that made people angry or offended them, the documents show. Facebook became an angrier, more polarizing place. It didn’t help that, starting in 2017, the algorithm had assigned reaction emoji — including the angry emoji — five times the weight of a simple “like,” according to company documents.
[...]
Internal documents show Facebook researchers found that, for the most politically oriented 1 million American users, nearly 90 percent of the content that Facebook shows them is about politics and social issues. Those groups also received the most misinformation, especially a set of users associated with mostly right-leaning content, who were shown one misinformation post out of every 40, according to a document from June 2020.
One takeaway is that Facebook’s algorithm isn’t a runaway train. The company may not directly control what any given user posts, but by choosing which types of posts will be seen, it sculpts the information landscape according to its business priorities. Some within the company would like to see Facebook use the algorithm to explicitly promote certain values, such as democracy and civil discourse. Others have suggested that it develop and prioritize new metrics that align with users’ values, as with a 2020 experiment in which the algorithm was trained to predict what posts they would find “good for the world” and “bad for the world,” and optimize for the former. |
+| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | This 2021 report by The Washington Post explains the mechanics of Facebook’s algorithm (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm):
In its early years, Facebook’s algorithm prioritized signals such as likes, clicks and comments to decide which posts to amplify. Publishers, brands and individual users soon learned how to craft posts and headlines designed to induce likes and clicks, giving rise to what came to be known as “clickbait.” By 2013, upstart publishers such as Upworthy and ViralNova were amassing tens of millions of readers with articles designed specifically to game Facebook’s news feed algorithm.
Facebook realized that users were growing wary of misleading teaser headlines, and the company recalibrated its algorithm in 2014 and 2015 to downgrade clickbait and focus on new metrics, such as the amount of time a user spent reading a story or watching a video, and incorporating surveys on what content users found most valuable. Around the same time, its executives identified video as a business priority, and used the algorithm to boost “native” videos shared directly to Facebook. By the mid-2010s, the news feed had tilted toward slick, professionally produced content, especially videos that would hold people’s attention.
In 2016, however, Facebook executives grew worried about a decline in “original sharing.” Users were spending so much time passively watching and reading that they weren’t interacting with each other as much. Young people in particular shifted their personal conversations to rivals such as Snapchat that offered more intimacy.
Once again, Facebook found its answer in the algorithm: It developed a new set of goal metrics that it called “meaningful social interactions,” designed to show users more posts from friends and family, and fewer from big publishers and brands. In particular, the algorithm began to give outsize weight to posts that sparked lots of comments and replies.
The downside of this approach was that the posts that sparked the most comments tended to be the ones that made people angry or offended them, the documents show. Facebook became an angrier, more polarizing place. It didn’t help that, starting in 2017, the algorithm had assigned reaction emoji — including the angry emoji — five times the weight of a simple “like,” according to company documents.
[...]
Internal documents show Facebook researchers found that, for the most politically oriented 1 million American users, nearly 90 percent of the content that Facebook shows them is about politics and social issues. Those groups also received the most misinformation, especially a set of users associated with mostly right-leaning content, who were shown one misinformation post out of every 40, according to a document from June 2020.
One takeaway is that Facebook’s algorithm isn’t a runaway train. The company may not directly control what any given user posts, but by choosing which types of posts will be seen, it sculpts the information landscape according to its business priorities. Some within the company would like to see Facebook use the algorithm to explicitly promote certain values, such as democracy and civil discourse. Others have suggested that it develop and prioritize new metrics that align with users’ values, as with a 2020 experiment in which the algorithm was trained to predict what posts they would find “good for the world” and “bad for the world,” and optimize for the former. |
+| [T0153.006 Content Recommendation Algorithm](../../generated_pages/techniques/T0153.006.md) | This 2021 report by The Washington Post explains the mechanics of Facebook’s algorithm (T0151.001: Social Media Platform, T0153.006: Content Recommendation Algorithm):
In its early years, Facebook’s algorithm prioritized signals such as likes, clicks and comments to decide which posts to amplify. Publishers, brands and individual users soon learned how to craft posts and headlines designed to induce likes and clicks, giving rise to what came to be known as “clickbait.” By 2013, upstart publishers such as Upworthy and ViralNova were amassing tens of millions of readers with articles designed specifically to game Facebook’s news feed algorithm.
Facebook realized that users were growing wary of misleading teaser headlines, and the company recalibrated its algorithm in 2014 and 2015 to downgrade clickbait and focus on new metrics, such as the amount of time a user spent reading a story or watching a video, and incorporating surveys on what content users found most valuable. Around the same time, its executives identified video as a business priority, and used the algorithm to boost “native” videos shared directly to Facebook. By the mid-2010s, the news feed had tilted toward slick, professionally produced content, especially videos that would hold people’s attention.
In 2016, however, Facebook executives grew worried about a decline in “original sharing.” Users were spending so much time passively watching and reading that they weren’t interacting with each other as much. Young people in particular shifted their personal conversations to rivals such as Snapchat that offered more intimacy.
Once again, Facebook found its answer in the algorithm: It developed a new set of goal metrics that it called “meaningful social interactions,” designed to show users more posts from friends and family, and fewer from big publishers and brands. In particular, the algorithm began to give outsize weight to posts that sparked lots of comments and replies.
The downside of this approach was that the posts that sparked the most comments tended to be the ones that made people angry or offended them, the documents show. Facebook became an angrier, more polarizing place. It didn’t help that, starting in 2017, the algorithm had assigned reaction emoji — including the angry emoji — five times the weight of a simple “like,” according to company documents.
[...]
Internal documents show Facebook researchers found that, for the most politically oriented 1 million American users, nearly 90 percent of the content that Facebook shows them is about politics and social issues. Those groups also received the most misinformation, especially a set of users associated with mostly right-leaning content, who were shown one misinformation post out of every 40, according to a document from June 2020.
One takeaway is that Facebook’s algorithm isn’t a runaway train. The company may not directly control what any given user posts, but by choosing which types of posts will be seen, it sculpts the information landscape according to its business priorities. Some within the company would like to see Facebook use the algorithm to explicitly promote certain values, such as democracy and civil discourse. Others have suggested that it develop and prioritize new metrics that align with users’ values, as with a 2020 experiment in which the algorithm was trained to predict what posts they would find “good for the world” and “bad for the world,” and optimize for the former. |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00116.md b/generated_pages/incidents/I00116.md
index 67b9717..dfc96f1 100644
--- a/generated_pages/incidents/I00116.md
+++ b/generated_pages/incidents/I00116.md
@@ -21,14 +21,14 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.205 Business Persona](../../generated_pages/techniques/T0097.205.md) | IT00000476 Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
-| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | IT00000477 Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
-| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | IT00000478 Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
-| [T0146.002 Paid Account Asset](../../generated_pages/techniques/T0146.002.md) | IT00000473 Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
-| [T0146.003 Verified Account Asset](../../generated_pages/techniques/T0146.003.md) | IT00000474 Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
-| [T0146.005 Lookalike Account ID](../../generated_pages/techniques/T0146.005.md) | IT00000475 Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
-| [T0150.001 Newly Created Asset](../../generated_pages/techniques/T0150.001.md) | IT00000480 Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
-| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | IT00000479 Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
+| [T0097.205 Business Persona](../../generated_pages/techniques/T0097.205.md) | Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
+| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
+| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
+| [T0146.002 Paid Account Asset](../../generated_pages/techniques/T0146.002.md) | Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
+| [T0146.003 Verified Account Asset](../../generated_pages/techniques/T0146.003.md) | Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
+| [T0146.005 Lookalike Account ID](../../generated_pages/techniques/T0146.005.md) | Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
+| [T0150.001 Newly Created Asset](../../generated_pages/techniques/T0150.001.md) | Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
+| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
In this example a newly created paid account was created on X, used to direct users to other platforms (T0146.002: Paid Account Asset, T0146.003: Verified Account Asset, T0146.005: Lookalike Account ID, T0097.205: Business Persona, T0122: Direct Users to Alternative Platforms, T0143.003: Impersonated Persona, T0151.008: Microblogging Platform, T0150.001: Newly Created Asset). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00118.md b/generated_pages/incidents/I00118.md
index 8d13a3c..b5763a9 100644
--- a/generated_pages/incidents/I00118.md
+++ b/generated_pages/incidents/I00118.md
@@ -21,12 +21,12 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0089.001 Obtain Authentic Documents](../../generated_pages/techniques/T0089.001.md) | IT00000481 In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
-| [T0097.105 Military Personnel Persona](../../generated_pages/techniques/T0097.105.md) | IT00000483 In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
-| [T0115 Post Content](../../generated_pages/techniques/T0115.md) | IT00000484 In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
-| [T0143.001 Authentic Persona](../../generated_pages/techniques/T0143.001.md) | IT00000485 In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
-| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | IT00000482 In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
-| [T0151.009 Legacy Online Forum Platform](../../generated_pages/techniques/T0151.009.md) | IT00000486 In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
+| [T0089.001 Obtain Authentic Documents](../../generated_pages/techniques/T0089.001.md) | In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
+| [T0097.105 Military Personnel Persona](../../generated_pages/techniques/T0097.105.md) | In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
+| [T0115 Post Content](../../generated_pages/techniques/T0115.md) | In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
+| [T0143.001 Authentic Persona](../../generated_pages/techniques/T0143.001.md) | In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
+| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
+| [T0151.009 Legacy Online Forum Platform](../../generated_pages/techniques/T0151.009.md) | In an effort to prove that the developers behind a popular multiplayer vehicle combat game had made a mistake, a player went ahead and published classified British military documents about one of the real-life tanks featured in the game.
This truly bizarre turn of events recently occurred in the public forum for War Thunder, a free-to-player multiplayer combat sim featuring modern land, air, and sea craft. Getting a small detail wrong on a piece of equipment might not be a big deal for the average gamer, but for the War Thunder crowd it sure as hell is. With 25,000 devoted players, the game very much bills itself as the military vehicle combat simulator.
A player, who identified himself as a British tank commander, claimed that the game’s developers at Gaijin Entertainment had inaccurately represented the Challenger 2 main battle tank used by the British military.
The self-described tank commander’s bio listed his location as Tidworth Camp in Wiltshire, England, according to the UK Defense Journal, which reported that the base is home to the Royal Tank Regiment, which fields Challenger 2 tanks.
The player, who went by the handle Pyrophoric, reportedly shared an image on the War Thunder forum of the tank’s specs that were pulled from the Challenger 2’s Army Equipment Support Publication, which is essentially a technical manual.
[...]
A moderator for the forum, who’s handle is “Templar_”, explained that the developer had removed the material after they received confirmation from the Ministry of Defense that the document is still in fact classified.
A user of War Thunder’s forums posted confidential documents to win an argument (T0089.001: Obtain Authentic Documents, T0146: Account Asset, T0097.105: Military Personnel Persona, T0115: Post Content, T0143.001: Authentic Persona, T0151.009: Legacy Online Forum Platform). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00119.md b/generated_pages/incidents/I00119.md
index 8278bd7..38e6a86 100644
--- a/generated_pages/incidents/I00119.md
+++ b/generated_pages/incidents/I00119.md
@@ -21,14 +21,14 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0089 Obtain Private Documents](../../generated_pages/techniques/T0089.md) | IT00000489 An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
-| [T0097.100 Individual Persona](../../generated_pages/techniques/T0097.100.md) | IT00000488 An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
-| [T0097.102 Journalist Persona](../../generated_pages/techniques/T0097.102.md) | IT00000490 An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
-| [T0143.001 Authentic Persona](../../generated_pages/techniques/T0143.001.md) | IT00000491 An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
-| [T0150.003 Pre-Existing Asset](../../generated_pages/techniques/T0150.003.md) | IT00000494 An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
-| [T0152.001 Blogging Platform](../../generated_pages/techniques/T0152.001.md) | IT00000492 An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
-| [T0152.002 Blog Asset](../../generated_pages/techniques/T0152.002.md) | IT00000493 An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
-| [T0153.001 Email Platform](../../generated_pages/techniques/T0153.001.md) | IT00000487 An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
+| [T0089 Obtain Private Documents](../../generated_pages/techniques/T0089.md) | An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
+| [T0097.100 Individual Persona](../../generated_pages/techniques/T0097.100.md) | An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
+| [T0097.102 Journalist Persona](../../generated_pages/techniques/T0097.102.md) | An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
+| [T0143.001 Authentic Persona](../../generated_pages/techniques/T0143.001.md) | An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
+| [T0150.003 Pre-Existing Asset](../../generated_pages/techniques/T0150.003.md) | An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
+| [T0152.001 Blogging Platform](../../generated_pages/techniques/T0152.001.md) | An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
+| [T0152.002 Blog Asset](../../generated_pages/techniques/T0152.002.md) | An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
+| [T0153.001 Email Platform](../../generated_pages/techniques/T0153.001.md) | An American journalist who runs an independent newsletter published a document [on 26 Sep 2024] that appears to have been stolen from Donald Trump’s presidential campaign — the first public posting of a file that is believed to be part of a dossier that federal officials say is part of an Iranian effort to manipulate the [2024] U.S. election.
The PDF document is a 271-page opposition research file on former President Donald Trump’s running mate, Sen. JD Vance, R-Ohio.
For more than two months, hackers who the U.S. says are tied to Iran have tried to persuade the American media to cover files they stole. No outlets took the bait.
But on Thursday, reporter Ken Klippenstein, who self-publishes on Substack after he left The Intercept this year, published one of the files.
[...]
Reporters who have received the documents describe the same pattern: An AOL account emails them files, signed by a person using the name “Robert,” who is reluctant to speak to their identity or reasons for wanting the documents to receive coverage.
NBC News was not part of the Robert persona’s direct outreach, but it has viewed its correspondence with a reporter at another publication.
One of the emails from the Robert persona previously viewed by NBC News included three large PDF files, each corresponding to Trump’s three reported finalists for vice president. The Vance file appears to be the one Klippenstein hosts on his site.
In this example hackers attributed to Iran used the Robert persona to email journalists hacked documents (T0146: Account Asset, T0097.100: Individual Persona, T0153.001: Email Platform).
The journalist Ken Kippenstien used his existing blog on substack to host a link to download the document (T0089: Obtain Private Documents, T0097.102: Journalist Persona, T0115: Post Content, T0143.001: Authentic Persona, T0152.001: Blogging Platform, T0152.002: Blog Asset, T0150.003: Pre-Existing Asset). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00120.md b/generated_pages/incidents/I00120.md
index d99d934..7f8beda 100644
--- a/generated_pages/incidents/I00120.md
+++ b/generated_pages/incidents/I00120.md
@@ -21,11 +21,11 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.203 Fact Checking Organisation Persona](../../generated_pages/techniques/T0097.203.md) | IT00000497 Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
-| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | IT00000498 Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
-| [T0146.003 Verified Account Asset](../../generated_pages/techniques/T0146.003.md) | IT00000499 Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
-| [T0150.003 Pre-Existing Asset](../../generated_pages/techniques/T0150.003.md) | IT00000496 Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
-| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | IT00000495 Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
+| [T0097.203 Fact Checking Organisation Persona](../../generated_pages/techniques/T0097.203.md) | Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
+| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
+| [T0146.003 Verified Account Asset](../../generated_pages/techniques/T0146.003.md) | Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
+| [T0150.003 Pre-Existing Asset](../../generated_pages/techniques/T0150.003.md) | Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
+| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | Ahead of the 2019 UK Election during a leader’s debate, the Conservative party rebranded their “Conservative Campaign Headquarters Press” account to “FactCheckUK”:
The evening of the 19th November 2019 saw the first of three Leaders’ Debates on ITV, starting at 8pm and lasting for an hour. Current Prime Minister and leader of the Conservatives, Boris Johnson faced off against Labour party leader, Jeremy Corbyn. Plenty of people will have been watching the debate live, but a good proportion were “watching” (er, “twitching”?) via Twitter. This is something I’ve done in the past for certain shows. In some cases I just can’t watch or listen, but I can read, and in other cases, the commentary is far more interesting and entertaining than the show itself will ever be. This, for me, is just such a case. But very quickly, all eyes turned upon a modestly sized account with the handle @CCHQPress. That’s short for Conservative Campaign Headquarters Press. According to their (current!) Twitter bio, they are based in Westminster and they provide “snippets of news and commentary from CCHQ” to their 75k followers.
That is, until a few minutes into the debate.
All at once, like a person throwing off their street clothes to reveal some sinister new identity underneath, @CCHQPress abruptly shed its name, blue Conservative logo, Boris Johnson banner, and bio description. Moments later, it had entirely reinvented itself.
The purple banner was emblazoned with white font that read “✓ factcheckUK [with a “FROM CCQH” subheading]”.
The matching profile picture was a white tick in a purple circle. The bio was updated to: “Fact checking Labour from CCHQ”. And the name now read factcheckUK, with the customary Twitter blue (or white depending on your phone settings!) validation tick still after it
In this example an existing verified social media account on Twitter was repurposed to inauthentically present itself as a Fact Checking service (T0151.008: Microblogging Platform, T0150.003: Pre-Existing Asset, T0146.003: Verified Account Asset, T0097.203: Fact Checking Organisation Persona, T0143.002: Fabricated Persona). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00121.md b/generated_pages/incidents/I00121.md
index e633a42..f1de18d 100644
--- a/generated_pages/incidents/I00121.md
+++ b/generated_pages/incidents/I00121.md
@@ -21,9 +21,9 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | IT00000501 The unique aspect of Operation Overload is a barrage of emails sent to newsrooms and fact-checkers across Europe. The authors of these messages urge recipients to verify content allegedly found online. The email subject lines often include an incitement to verify the claims briefly described in the message body. This is followed by a short list of links directing recipients to posts on Telegram, X, or known pro-Russian websites, including Pravda and Sputnik.
We have collected 221 emails sent to 20 organisations. The organisations mostly received identical emails urging them to fact-check specific false stories, which demonstrates that the emails were sent as part of a larger coordinated campaign.
[...]
The authors of the emails do not hide their intention to see the fake content widely spread. In February 2024, a journalist at the German outlet CORRECTIV engaged with the sender of one of the emails, providing feedback on the narratives which were originally sent. CORRECTIV received a response from the same Gmail address, initially expressing respect and trust in CORRECTIV’s assessment, while asking: “is it possible for your work to be seen by as many people as possible?”, thereby clearly stating the goal of the operation.
[...]
All the emails come from authors posing as concerned citizens. All emails are sent with Gmail accounts, which is typical for personal use. This makes it challenging to identify the individuals behind these emails, as anyone can open a Gmail account for free. The email headers indicate that the messages were sent from the Gmail interface, not from a personal client which would disclose the sender’s IP address.
In this example, threat actors used gmail accounts (T0146.001: Free Account Asset, T0097.100: Individual Persona, T0143.002: Fabricated Persona, T0153.001: Email Platform) to target journalists and fact-checkers, with the apparent goal of having them amplify operation narratives through fact checks. |
-| [T0146.001 Free Account Asset](../../generated_pages/techniques/T0146.001.md) | IT00000500 The unique aspect of Operation Overload is a barrage of emails sent to newsrooms and fact-checkers across Europe. The authors of these messages urge recipients to verify content allegedly found online. The email subject lines often include an incitement to verify the claims briefly described in the message body. This is followed by a short list of links directing recipients to posts on Telegram, X, or known pro-Russian websites, including Pravda and Sputnik.
We have collected 221 emails sent to 20 organisations. The organisations mostly received identical emails urging them to fact-check specific false stories, which demonstrates that the emails were sent as part of a larger coordinated campaign.
[...]
The authors of the emails do not hide their intention to see the fake content widely spread. In February 2024, a journalist at the German outlet CORRECTIV engaged with the sender of one of the emails, providing feedback on the narratives which were originally sent. CORRECTIV received a response from the same Gmail address, initially expressing respect and trust in CORRECTIV’s assessment, while asking: “is it possible for your work to be seen by as many people as possible?”, thereby clearly stating the goal of the operation.
[...]
All the emails come from authors posing as concerned citizens. All emails are sent with Gmail accounts, which is typical for personal use. This makes it challenging to identify the individuals behind these emails, as anyone can open a Gmail account for free. The email headers indicate that the messages were sent from the Gmail interface, not from a personal client which would disclose the sender’s IP address.
In this example, threat actors used gmail accounts (T0146.001: Free Account Asset, T0097.100: Individual Persona, T0143.002: Fabricated Persona, T0153.001: Email Platform) to target journalists and fact-checkers, with the apparent goal of having them amplify operation narratives through fact checks. |
-| [T0153.001 Email Platform](../../generated_pages/techniques/T0153.001.md) | IT00000502 The unique aspect of Operation Overload is a barrage of emails sent to newsrooms and fact-checkers across Europe. The authors of these messages urge recipients to verify content allegedly found online. The email subject lines often include an incitement to verify the claims briefly described in the message body. This is followed by a short list of links directing recipients to posts on Telegram, X, or known pro-Russian websites, including Pravda and Sputnik.
We have collected 221 emails sent to 20 organisations. The organisations mostly received identical emails urging them to fact-check specific false stories, which demonstrates that the emails were sent as part of a larger coordinated campaign.
[...]
The authors of the emails do not hide their intention to see the fake content widely spread. In February 2024, a journalist at the German outlet CORRECTIV engaged with the sender of one of the emails, providing feedback on the narratives which were originally sent. CORRECTIV received a response from the same Gmail address, initially expressing respect and trust in CORRECTIV’s assessment, while asking: “is it possible for your work to be seen by as many people as possible?”, thereby clearly stating the goal of the operation.
[...]
All the emails come from authors posing as concerned citizens. All emails are sent with Gmail accounts, which is typical for personal use. This makes it challenging to identify the individuals behind these emails, as anyone can open a Gmail account for free. The email headers indicate that the messages were sent from the Gmail interface, not from a personal client which would disclose the sender’s IP address.
In this example, threat actors used gmail accounts (T0146.001: Free Account Asset, T0097.100: Individual Persona, T0143.002: Fabricated Persona, T0153.001: Email Platform) to target journalists and fact-checkers, with the apparent goal of having them amplify operation narratives through fact checks. |
+| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | The unique aspect of Operation Overload is a barrage of emails sent to newsrooms and fact-checkers across Europe. The authors of these messages urge recipients to verify content allegedly found online. The email subject lines often include an incitement to verify the claims briefly described in the message body. This is followed by a short list of links directing recipients to posts on Telegram, X, or known pro-Russian websites, including Pravda and Sputnik.
We have collected 221 emails sent to 20 organisations. The organisations mostly received identical emails urging them to fact-check specific false stories, which demonstrates that the emails were sent as part of a larger coordinated campaign.
[...]
The authors of the emails do not hide their intention to see the fake content widely spread. In February 2024, a journalist at the German outlet CORRECTIV engaged with the sender of one of the emails, providing feedback on the narratives which were originally sent. CORRECTIV received a response from the same Gmail address, initially expressing respect and trust in CORRECTIV’s assessment, while asking: “is it possible for your work to be seen by as many people as possible?”, thereby clearly stating the goal of the operation.
[...]
All the emails come from authors posing as concerned citizens. All emails are sent with Gmail accounts, which is typical for personal use. This makes it challenging to identify the individuals behind these emails, as anyone can open a Gmail account for free. The email headers indicate that the messages were sent from the Gmail interface, not from a personal client which would disclose the sender’s IP address.
In this example, threat actors used gmail accounts (T0146.001: Free Account Asset, T0097.100: Individual Persona, T0143.002: Fabricated Persona, T0153.001: Email Platform) to target journalists and fact-checkers, with the apparent goal of having them amplify operation narratives through fact checks. |
+| [T0146.001 Free Account Asset](../../generated_pages/techniques/T0146.001.md) | The unique aspect of Operation Overload is a barrage of emails sent to newsrooms and fact-checkers across Europe. The authors of these messages urge recipients to verify content allegedly found online. The email subject lines often include an incitement to verify the claims briefly described in the message body. This is followed by a short list of links directing recipients to posts on Telegram, X, or known pro-Russian websites, including Pravda and Sputnik.
We have collected 221 emails sent to 20 organisations. The organisations mostly received identical emails urging them to fact-check specific false stories, which demonstrates that the emails were sent as part of a larger coordinated campaign.
[...]
The authors of the emails do not hide their intention to see the fake content widely spread. In February 2024, a journalist at the German outlet CORRECTIV engaged with the sender of one of the emails, providing feedback on the narratives which were originally sent. CORRECTIV received a response from the same Gmail address, initially expressing respect and trust in CORRECTIV’s assessment, while asking: “is it possible for your work to be seen by as many people as possible?”, thereby clearly stating the goal of the operation.
[...]
All the emails come from authors posing as concerned citizens. All emails are sent with Gmail accounts, which is typical for personal use. This makes it challenging to identify the individuals behind these emails, as anyone can open a Gmail account for free. The email headers indicate that the messages were sent from the Gmail interface, not from a personal client which would disclose the sender’s IP address.
In this example, threat actors used gmail accounts (T0146.001: Free Account Asset, T0097.100: Individual Persona, T0143.002: Fabricated Persona, T0153.001: Email Platform) to target journalists and fact-checkers, with the apparent goal of having them amplify operation narratives through fact checks. |
+| [T0153.001 Email Platform](../../generated_pages/techniques/T0153.001.md) | The unique aspect of Operation Overload is a barrage of emails sent to newsrooms and fact-checkers across Europe. The authors of these messages urge recipients to verify content allegedly found online. The email subject lines often include an incitement to verify the claims briefly described in the message body. This is followed by a short list of links directing recipients to posts on Telegram, X, or known pro-Russian websites, including Pravda and Sputnik.
We have collected 221 emails sent to 20 organisations. The organisations mostly received identical emails urging them to fact-check specific false stories, which demonstrates that the emails were sent as part of a larger coordinated campaign.
[...]
The authors of the emails do not hide their intention to see the fake content widely spread. In February 2024, a journalist at the German outlet CORRECTIV engaged with the sender of one of the emails, providing feedback on the narratives which were originally sent. CORRECTIV received a response from the same Gmail address, initially expressing respect and trust in CORRECTIV’s assessment, while asking: “is it possible for your work to be seen by as many people as possible?”, thereby clearly stating the goal of the operation.
[...]
All the emails come from authors posing as concerned citizens. All emails are sent with Gmail accounts, which is typical for personal use. This makes it challenging to identify the individuals behind these emails, as anyone can open a Gmail account for free. The email headers indicate that the messages were sent from the Gmail interface, not from a personal client which would disclose the sender’s IP address.
In this example, threat actors used gmail accounts (T0146.001: Free Account Asset, T0097.100: Individual Persona, T0143.002: Fabricated Persona, T0153.001: Email Platform) to target journalists and fact-checkers, with the apparent goal of having them amplify operation narratives through fact checks. |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00122.md b/generated_pages/incidents/I00122.md
index 62fa80f..6ec4185 100644
--- a/generated_pages/incidents/I00122.md
+++ b/generated_pages/incidents/I00122.md
@@ -21,13 +21,13 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0048 Harass](../../generated_pages/techniques/T0048.md) | IT00000508 Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
-| [T0049.005 Conduct Swarming](../../generated_pages/techniques/T0049.005.md) | IT00000509 Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
-| [T0057 Organise Events](../../generated_pages/techniques/T0057.md) | IT00000506 Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
-| [T0126.002 Facilitate Logistics or Support for Attendance](../../generated_pages/techniques/T0126.002.md) | IT00000507 Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
-| [T0151.004 Chat Platform](../../generated_pages/techniques/T0151.004.md) | IT00000503 Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
-| [T0151.005 Chat Community Server](../../generated_pages/techniques/T0151.005.md) | IT00000504 Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
-| [T0151.006 Chat Room](../../generated_pages/techniques/T0151.006.md) | IT00000505 Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
+| [T0048 Harass](../../generated_pages/techniques/T0048.md) | Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
+| [T0049.005 Conduct Swarming](../../generated_pages/techniques/T0049.005.md) | Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
+| [T0057 Organise Events](../../generated_pages/techniques/T0057.md) | Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
+| [T0126.002 Facilitate Logistics or Support for Attendance](../../generated_pages/techniques/T0126.002.md) | Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
+| [T0151.004 Chat Platform](../../generated_pages/techniques/T0151.004.md) | Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
+| [T0151.005 Chat Community Server](../../generated_pages/techniques/T0151.005.md) | Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
+| [T0151.006 Chat Room](../../generated_pages/techniques/T0151.006.md) | Discord is an example of a T0151.004: Chat Platform, which allows users to create their own T0151.005: Chat Community Server. The Institute for Strategic Dialog (ISD) conducted an investigation into the extreme right’s usage of Discord servers:
Discord is a free service accessible via phones and computers. It allows users to talk to each other in real time via voice, text or video chat and emerged in 2015 as a platform designed to assist gamers in communicating with each other while playing video games. The popularity of the platform has surged in recent years, and it is currently estimated to have 140 million monthly active users.
Chatrooms – known as servers - in the platform can be created by anyone, and they are used for a range of purposes that extend far beyond gaming. Such purposes include the discussion of extreme right-wing ideologies and the planning of offline extremist activity. Ahead of the far-right Unite the Right rally in Charlottesville, Virginia, in August 2017, organisers used Discord to plan and promote events and posted swastikas and praised Hitler in chat rooms with names like “National Socialist Army” and “Führer’s Gas Chamber”.
In this example a Discord server was used to organise the 2017 Charlottesville Unite the Right rally. Chat rooms such in the server were used to discuss different topics related to the rally (T0057: Organise Events, T0126.002: Facilitate Logistics or Support for Attendance, T0151.004: Chat Platform, T0151.005: Chat Community Server, T0151.006: Chat Room).
Another primary activity engaged in the servers analysed are raids against other servers associated with political opponents, and in particular those that appear to be pro-LGBTQ. Raids are a phenomenon in which a small group of users will join a Discord server with the sole purpose of spamming the host with offensive or incendiary messages and content with the aim of upsetting local users or having the host server banned by Discord. On two servers examined here, raiding was their primary function.
Among servers devoted to this activity, specific channels were often created to host links to servers that users were then encouraged to raid. Users are encouraged to be as offensive as possible with the aim of upsetting or angering users on the raided server, and channels often had content banks of offensive memes and content to be shared on raided servers.
The use of raids demonstrates the gamified nature of extremist activity on Discord, where use of the platform and harassment of political opponents is itself turned into a type of real-life video game designed to strengthen in-group affiliation. This combined with the broader extremist activity identified in these channels suggests that the combative activity of raiding could provide a pathway for younger people to become more engaged with extremist activity.
Discord servers were used by members of the extreme right to coordinate harassment of targeted communities (T0048: Harass, T0049.005: Conduct Swarming, T0151.004: Chat Platform, T0151.005: Chat Community Server). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00123.md b/generated_pages/incidents/I00123.md
index 462c7e8..43d5b05 100644
--- a/generated_pages/incidents/I00123.md
+++ b/generated_pages/incidents/I00123.md
@@ -21,15 +21,15 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0048 Harass](../../generated_pages/techniques/T0048.md) | IT00000515 ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
One function of these Steam groups is the organisation of ‘raids’ – coordinated trolling activity against their political opponents. An example of this can be seen in a white power music group sharing a link to an Israeli Steam group, encouraging other members to “help me raid this juden [German word for Jew] group”. The comments section of said target group show that neo-Nazi and antisemitic comments were consistently posted in the group just two minutes after the instruction had been posted in the extremist group, highlighting the swiftness with which racially motivated harassment can be directed online.
Threat actors used social groups on Steam to organise harassment of targets (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0049.005: Conduct Swarming, T0048: Harass). |
-| [T0049.005 Conduct Swarming](../../generated_pages/techniques/T0049.005.md) | IT00000514 ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
One function of these Steam groups is the organisation of ‘raids’ – coordinated trolling activity against their political opponents. An example of this can be seen in a white power music group sharing a link to an Israeli Steam group, encouraging other members to “help me raid this juden [German word for Jew] group”. The comments section of said target group show that neo-Nazi and antisemitic comments were consistently posted in the group just two minutes after the instruction had been posted in the extremist group, highlighting the swiftness with which racially motivated harassment can be directed online.
Threat actors used social groups on Steam to organise harassment of targets (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0049.005: Conduct Swarming, T0048: Harass). |
-| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | IT00000518 ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
A number of groups were observed encouraging members to join conversations on outside platforms. These include links to Telegram channels connected to white supremacist marches, and media outlets, forums and Discord servers run by neo-Nazis.
[...]
This off-ramping activity demonstrates how rather than sitting in isolation, Steam fits into the wider extreme right wing online ecosystem, with Steam groups acting as hubs for communities and organizations which span multiple platforms. Accordingly, although the platform appears to fill a specific role in the building and strengthening of communities with similar hobbies and interests, it is suggested that analysis seeking to determine the risk of these communities should focus on their activity across platforms
Social Groups on Steam were used to drive new people to other neo-Nazi controlled community assets (T0122: Direct Users to Alternative Platforms, T0152.009: Software Delivery Platform, T0151.002: Online Community Group). |
-| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | IT00000511 Analysis of communities on the gaming platform Steam showed that groups who are known to have engaged in acts of terrorism used Steam to host social communities (T0152.009: Software Delivery Platform, T0151.002: Online Community Group):
The first is a Finnish-language group which was set up to promote the Nordic Resistance Movement (NRM). NRM are the only group in the sample examined by ISD known to have engaged in terrorist attacks. Swedish members of the group conducted a series of bombings in Gothenburg in 2016 and 2017, and several Finnish members are under investigation in relation to both violent attacks and murder.
The NRM Steam group does not host content related to gaming, and instead seems to act as a hub for the movement. The group’s overview section contains a link to the official NRM website, and users are encouraged to find like-minded people to join the group. The group is relatively small, with 87 members, but at the time of writing, it appeared to be active and in use. Interestingly, although the group is in Finnish language, it has members in common with the English language channels identified in this analysis. This suggests that Steam may help facilitate international exchange between right-wing extremists. |
-| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | IT00000513 ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
One function of these Steam groups is the organisation of ‘raids’ – coordinated trolling activity against their political opponents. An example of this can be seen in a white power music group sharing a link to an Israeli Steam group, encouraging other members to “help me raid this juden [German word for Jew] group”. The comments section of said target group show that neo-Nazi and antisemitic comments were consistently posted in the group just two minutes after the instruction had been posted in the extremist group, highlighting the swiftness with which racially motivated harassment can be directed online.
Threat actors used social groups on Steam to organise harassment of targets (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0049.005: Conduct Swarming, T0048: Harass). |
-| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | IT00000517 ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
A number of groups were observed encouraging members to join conversations on outside platforms. These include links to Telegram channels connected to white supremacist marches, and media outlets, forums and Discord servers run by neo-Nazis.
[...]
This off-ramping activity demonstrates how rather than sitting in isolation, Steam fits into the wider extreme right wing online ecosystem, with Steam groups acting as hubs for communities and organizations which span multiple platforms. Accordingly, although the platform appears to fill a specific role in the building and strengthening of communities with similar hobbies and interests, it is suggested that analysis seeking to determine the risk of these communities should focus on their activity across platforms
Social Groups on Steam were used to drive new people to other neo-Nazi controlled community assets (T0122: Direct Users to Alternative Platforms, T0152.009: Software Delivery Platform, T0151.002: Online Community Group). |
-| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | IT00000510 Analysis of communities on the gaming platform Steam showed that groups who are known to have engaged in acts of terrorism used Steam to host social communities (T0152.009: Software Delivery Platform, T0151.002: Online Community Group):
The first is a Finnish-language group which was set up to promote the Nordic Resistance Movement (NRM). NRM are the only group in the sample examined by ISD known to have engaged in terrorist attacks. Swedish members of the group conducted a series of bombings in Gothenburg in 2016 and 2017, and several Finnish members are under investigation in relation to both violent attacks and murder.
The NRM Steam group does not host content related to gaming, and instead seems to act as a hub for the movement. The group’s overview section contains a link to the official NRM website, and users are encouraged to find like-minded people to join the group. The group is relatively small, with 87 members, but at the time of writing, it appeared to be active and in use. Interestingly, although the group is in Finnish language, it has members in common with the English language channels identified in this analysis. This suggests that Steam may help facilitate international exchange between right-wing extremists. |
-| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | IT00000512 ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
One function of these Steam groups is the organisation of ‘raids’ – coordinated trolling activity against their political opponents. An example of this can be seen in a white power music group sharing a link to an Israeli Steam group, encouraging other members to “help me raid this juden [German word for Jew] group”. The comments section of said target group show that neo-Nazi and antisemitic comments were consistently posted in the group just two minutes after the instruction had been posted in the extremist group, highlighting the swiftness with which racially motivated harassment can be directed online.
Threat actors used social groups on Steam to organise harassment of targets (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0049.005: Conduct Swarming, T0048: Harass). |
-| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | IT00000516 ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
A number of groups were observed encouraging members to join conversations on outside platforms. These include links to Telegram channels connected to white supremacist marches, and media outlets, forums and Discord servers run by neo-Nazis.
[...]
This off-ramping activity demonstrates how rather than sitting in isolation, Steam fits into the wider extreme right wing online ecosystem, with Steam groups acting as hubs for communities and organizations which span multiple platforms. Accordingly, although the platform appears to fill a specific role in the building and strengthening of communities with similar hobbies and interests, it is suggested that analysis seeking to determine the risk of these communities should focus on their activity across platforms
Social Groups on Steam were used to drive new people to other neo-Nazi controlled community assets (T0122: Direct Users to Alternative Platforms, T0152.009: Software Delivery Platform, T0151.002: Online Community Group). |
+| [T0048 Harass](../../generated_pages/techniques/T0048.md) | ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
One function of these Steam groups is the organisation of ‘raids’ – coordinated trolling activity against their political opponents. An example of this can be seen in a white power music group sharing a link to an Israeli Steam group, encouraging other members to “help me raid this juden [German word for Jew] group”. The comments section of said target group show that neo-Nazi and antisemitic comments were consistently posted in the group just two minutes after the instruction had been posted in the extremist group, highlighting the swiftness with which racially motivated harassment can be directed online.
Threat actors used social groups on Steam to organise harassment of targets (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0049.005: Conduct Swarming, T0048: Harass). |
+| [T0049.005 Conduct Swarming](../../generated_pages/techniques/T0049.005.md) | ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
One function of these Steam groups is the organisation of ‘raids’ – coordinated trolling activity against their political opponents. An example of this can be seen in a white power music group sharing a link to an Israeli Steam group, encouraging other members to “help me raid this juden [German word for Jew] group”. The comments section of said target group show that neo-Nazi and antisemitic comments were consistently posted in the group just two minutes after the instruction had been posted in the extremist group, highlighting the swiftness with which racially motivated harassment can be directed online.
Threat actors used social groups on Steam to organise harassment of targets (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0049.005: Conduct Swarming, T0048: Harass). |
+| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
A number of groups were observed encouraging members to join conversations on outside platforms. These include links to Telegram channels connected to white supremacist marches, and media outlets, forums and Discord servers run by neo-Nazis.
[...]
This off-ramping activity demonstrates how rather than sitting in isolation, Steam fits into the wider extreme right wing online ecosystem, with Steam groups acting as hubs for communities and organizations which span multiple platforms. Accordingly, although the platform appears to fill a specific role in the building and strengthening of communities with similar hobbies and interests, it is suggested that analysis seeking to determine the risk of these communities should focus on their activity across platforms
Social Groups on Steam were used to drive new people to other neo-Nazi controlled community assets (T0122: Direct Users to Alternative Platforms, T0152.009: Software Delivery Platform, T0151.002: Online Community Group). |
+| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | Analysis of communities on the gaming platform Steam showed that groups who are known to have engaged in acts of terrorism used Steam to host social communities (T0152.009: Software Delivery Platform, T0151.002: Online Community Group):
The first is a Finnish-language group which was set up to promote the Nordic Resistance Movement (NRM). NRM are the only group in the sample examined by ISD known to have engaged in terrorist attacks. Swedish members of the group conducted a series of bombings in Gothenburg in 2016 and 2017, and several Finnish members are under investigation in relation to both violent attacks and murder.
The NRM Steam group does not host content related to gaming, and instead seems to act as a hub for the movement. The group’s overview section contains a link to the official NRM website, and users are encouraged to find like-minded people to join the group. The group is relatively small, with 87 members, but at the time of writing, it appeared to be active and in use. Interestingly, although the group is in Finnish language, it has members in common with the English language channels identified in this analysis. This suggests that Steam may help facilitate international exchange between right-wing extremists. |
+| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
One function of these Steam groups is the organisation of ‘raids’ – coordinated trolling activity against their political opponents. An example of this can be seen in a white power music group sharing a link to an Israeli Steam group, encouraging other members to “help me raid this juden [German word for Jew] group”. The comments section of said target group show that neo-Nazi and antisemitic comments were consistently posted in the group just two minutes after the instruction had been posted in the extremist group, highlighting the swiftness with which racially motivated harassment can be directed online.
Threat actors used social groups on Steam to organise harassment of targets (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0049.005: Conduct Swarming, T0048: Harass). |
+| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
A number of groups were observed encouraging members to join conversations on outside platforms. These include links to Telegram channels connected to white supremacist marches, and media outlets, forums and Discord servers run by neo-Nazis.
[...]
This off-ramping activity demonstrates how rather than sitting in isolation, Steam fits into the wider extreme right wing online ecosystem, with Steam groups acting as hubs for communities and organizations which span multiple platforms. Accordingly, although the platform appears to fill a specific role in the building and strengthening of communities with similar hobbies and interests, it is suggested that analysis seeking to determine the risk of these communities should focus on their activity across platforms
Social Groups on Steam were used to drive new people to other neo-Nazi controlled community assets (T0122: Direct Users to Alternative Platforms, T0152.009: Software Delivery Platform, T0151.002: Online Community Group). |
+| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | Analysis of communities on the gaming platform Steam showed that groups who are known to have engaged in acts of terrorism used Steam to host social communities (T0152.009: Software Delivery Platform, T0151.002: Online Community Group):
The first is a Finnish-language group which was set up to promote the Nordic Resistance Movement (NRM). NRM are the only group in the sample examined by ISD known to have engaged in terrorist attacks. Swedish members of the group conducted a series of bombings in Gothenburg in 2016 and 2017, and several Finnish members are under investigation in relation to both violent attacks and murder.
The NRM Steam group does not host content related to gaming, and instead seems to act as a hub for the movement. The group’s overview section contains a link to the official NRM website, and users are encouraged to find like-minded people to join the group. The group is relatively small, with 87 members, but at the time of writing, it appeared to be active and in use. Interestingly, although the group is in Finnish language, it has members in common with the English language channels identified in this analysis. This suggests that Steam may help facilitate international exchange between right-wing extremists. |
+| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
One function of these Steam groups is the organisation of ‘raids’ – coordinated trolling activity against their political opponents. An example of this can be seen in a white power music group sharing a link to an Israeli Steam group, encouraging other members to “help me raid this juden [German word for Jew] group”. The comments section of said target group show that neo-Nazi and antisemitic comments were consistently posted in the group just two minutes after the instruction had been posted in the extremist group, highlighting the swiftness with which racially motivated harassment can be directed online.
Threat actors used social groups on Steam to organise harassment of targets (T0152.009: Software Delivery Platform, T0151.002: Online Community Group, T0049.005: Conduct Swarming, T0048: Harass). |
+| [T0152.009 Software Delivery Platform](../../generated_pages/techniques/T0152.009.md) | ISD conducted an investigation into the usage of social groups on Steam. Steam is an online platform used to buy and sell digital games, and includes the Steam community feature, which “allows users to find friends and join groups and discussion forums, while also offering in-game voice and text chat”. Actors have used Steam’s social capabilities to enable online harm campaigns:
A number of groups were observed encouraging members to join conversations on outside platforms. These include links to Telegram channels connected to white supremacist marches, and media outlets, forums and Discord servers run by neo-Nazis.
[...]
This off-ramping activity demonstrates how rather than sitting in isolation, Steam fits into the wider extreme right wing online ecosystem, with Steam groups acting as hubs for communities and organizations which span multiple platforms. Accordingly, although the platform appears to fill a specific role in the building and strengthening of communities with similar hobbies and interests, it is suggested that analysis seeking to determine the risk of these communities should focus on their activity across platforms
Social Groups on Steam were used to drive new people to other neo-Nazi controlled community assets (T0122: Direct Users to Alternative Platforms, T0152.009: Software Delivery Platform, T0151.002: Online Community Group). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00124.md b/generated_pages/incidents/I00124.md
index f382952..a1d92ed 100644
--- a/generated_pages/incidents/I00124.md
+++ b/generated_pages/incidents/I00124.md
@@ -21,7 +21,7 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0152.008 Live Streaming Platform](../../generated_pages/techniques/T0152.008.md) | IT00000519 This report “Malign foreign interference and information influence on video game platforms: understanding the adversarial playbook” looks at influence operations in relation to gaming. Part of the report looks at the use of gaming platforms, including DLive; a streaming platform (T0152.008: Live Streaming Platform);
“Like Twitch and YouTube, DLive is a video streaming service that enables users (also known as "streamers," or "content creators") to record themselves talking, playing video games, and other activities [...] DLive is built on blockchain technology, using its own currency directly through it rather than relying on advertising revenue.”
[...]
The emergence of blockchain technology has also created opportunities for reduced censorship. Due to the decentralised nature of blockchain platforms, content deletion from numerous servers takes longer than centralised systems. While DLive has community guidelines that forbid harassment or hate speech, it also allegedly provides users with protection from deplatforming, a practice where tech companies prevent individuals or groups from using their websites (Cohen, 2020). DLive's lack of content moderation and deplatforming has attracted far-right extremists and fringe streamers who have been barred from mainstream social media platforms like YouTube (Cohen, 2020; Gais & Edison Hayden, 2020). PewDiePie, one of YouTube's most popular content creators with nearly 94 million subscribers, moved exclusively to DLive in 2019. Although financial factors played a significant role in PewDiePie's decision, some have been drawn to DLive as a consequence of being deplatformed from other video streaming services (Gais & Edison Hayden, 2020).
According to recent findings from ISD, extremist groups have taken advantage of the relative lack of content moderation. The platform has been used to spread racist, sexist, and homophobic content, as well as conspiracy theories that would likely be banned on other platforms (Thomas, 2021). DLive is also known to have played a role in the events leading up to the January 6th Capitol insurrection, with far- right extremists livestreaming the event and receiving donations from viewers (Lakhani, 2021, p. 9). In response to the storming of the Capitol, DLive has implemented stricter content moderation policies, including demonetisation and the banning of influential figures associated with far-right extremism (ibid, p. 18). The findings of ISD´s analysis of DLive indicates that these actions reduced the "safe harbor" that extremists had previously enjoyed on DLive (Thomas, 2021). However, some claim that extremism still has a foothold on the platform despite these efforts to remove it (Schlegel, 2021b). |
+| [T0152.008 Live Streaming Platform](../../generated_pages/techniques/T0152.008.md) | This report “Malign foreign interference and information influence on video game platforms: understanding the adversarial playbook” looks at influence operations in relation to gaming. Part of the report looks at the use of gaming platforms, including DLive; a streaming platform (T0152.008: Live Streaming Platform);
“Like Twitch and YouTube, DLive is a video streaming service that enables users (also known as "streamers," or "content creators") to record themselves talking, playing video games, and other activities [...] DLive is built on blockchain technology, using its own currency directly through it rather than relying on advertising revenue.”
[...]
The emergence of blockchain technology has also created opportunities for reduced censorship. Due to the decentralised nature of blockchain platforms, content deletion from numerous servers takes longer than centralised systems. While DLive has community guidelines that forbid harassment or hate speech, it also allegedly provides users with protection from deplatforming, a practice where tech companies prevent individuals or groups from using their websites (Cohen, 2020). DLive's lack of content moderation and deplatforming has attracted far-right extremists and fringe streamers who have been barred from mainstream social media platforms like YouTube (Cohen, 2020; Gais & Edison Hayden, 2020). PewDiePie, one of YouTube's most popular content creators with nearly 94 million subscribers, moved exclusively to DLive in 2019. Although financial factors played a significant role in PewDiePie's decision, some have been drawn to DLive as a consequence of being deplatformed from other video streaming services (Gais & Edison Hayden, 2020).
According to recent findings from ISD, extremist groups have taken advantage of the relative lack of content moderation. The platform has been used to spread racist, sexist, and homophobic content, as well as conspiracy theories that would likely be banned on other platforms (Thomas, 2021). DLive is also known to have played a role in the events leading up to the January 6th Capitol insurrection, with far- right extremists livestreaming the event and receiving donations from viewers (Lakhani, 2021, p. 9). In response to the storming of the Capitol, DLive has implemented stricter content moderation policies, including demonetisation and the banning of influential figures associated with far-right extremism (ibid, p. 18). The findings of ISD´s analysis of DLive indicates that these actions reduced the "safe harbor" that extremists had previously enjoyed on DLive (Thomas, 2021). However, some claim that extremism still has a foothold on the platform despite these efforts to remove it (Schlegel, 2021b). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00125.md b/generated_pages/incidents/I00125.md
index 1645c98..4bd752b 100644
--- a/generated_pages/incidents/I00125.md
+++ b/generated_pages/incidents/I00125.md
@@ -21,11 +21,11 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0087 Develop Video-Based Content](../../generated_pages/techniques/T0087.md) | IT00000524 In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
-| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | IT00000521 In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
-| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | IT00000520 In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
-| [T0150.004 Repurposed Asset](../../generated_pages/techniques/T0150.004.md) | IT00000523 In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
-| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | IT00000522 In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
+| [T0087 Develop Video-Based Content](../../generated_pages/techniques/T0087.md) | In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
+| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
+| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) | In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
+| [T0150.004 Repurposed Asset](../../generated_pages/techniques/T0150.004.md) | In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
+| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | In 2014 threat actors attributed to Russia spread the false narrative that a local chemical plant had leaked toxic fumes. This report discusses aspects of the operation:
[The chemical plant leak] hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. [...] Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.
Accounts which previously presented as Louisiana locals were repurposed for use in a different campaign, this time presenting as locals to Atlanta, a place over 500 miles away from Louisiana and in a different timezone (T0146: Account Asset, T0097.101: Local Persona, T0143.002: Fabricated Persona, T0151.008: Microblogging Platform, T0150.004: Repurposed Asset).
A video was created which appeared to support the campaign’s narrative (T0087: Develop Video-Based Content), with great attention given to small details which made the video appear more legitimate. |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00126.md b/generated_pages/incidents/I00126.md
index 3f1c746..0f13440 100644
--- a/generated_pages/incidents/I00126.md
+++ b/generated_pages/incidents/I00126.md
@@ -21,13 +21,13 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0085.004 Develop Document](../../generated_pages/techniques/T0085.004.md) | IT00000530 The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
-| [T0097.102 Journalist Persona](../../generated_pages/techniques/T0097.102.md) | IT00000525 The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
-| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | IT00000526 The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
-| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | IT00000527 The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
-| [T0147.003 Malware Asset](../../generated_pages/techniques/T0147.003.md) | IT00000531 The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
-| [T0149.002 Email Domain Asset](../../generated_pages/techniques/T0149.002.md) | IT00000529 The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
-| [T0149.003 Lookalike Domain](../../generated_pages/techniques/T0149.003.md) | IT00000528 The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
+| [T0085.004 Develop Document](../../generated_pages/techniques/T0085.004.md) | The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
+| [T0097.102 Journalist Persona](../../generated_pages/techniques/T0097.102.md) | The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
+| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
+| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
+| [T0147.003 Malware Asset](../../generated_pages/techniques/T0147.003.md) | The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
+| [T0149.002 Email Domain Asset](../../generated_pages/techniques/T0149.002.md) | The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
+| [T0149.003 Lookalike Domain](../../generated_pages/techniques/T0149.003.md) | The target of the recently observed [highly targeted spearphishing attack by “Charming Kitten”, a hacker group attributed to Iran] had published an article related to Iran. The publicity appears to have garnered the attention of Charming Kitten, who subsequently created an email address to impersonate a reporter of an Israeli media organization in order to send the target an email. Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.
In an effort to further gain the target’s confidence, Charming Kitten continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, Charming Kitten finally sent a “draft report”; this was the first time anything opaquely malicious occurred. The “draft report” was, in fact, a password-protected RAR file containing a malicious LNK file. The password for the RAR file was provided in a subsequent email.
In this example, threat actors created an email address on a domain which impersonated an existing Israeli news organisation impersonating a reporter who worked there (T0097.102: Journalist Persona, T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0149.003: Lookalike Domain, T0149.002: Email Domain Asset) in order to convince the target to download a document containing malware (T0085.004: Develop Document, T0147.003: Malware Asset). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00127.md b/generated_pages/incidents/I00127.md
index 4e48e2f..1881164 100644
--- a/generated_pages/incidents/I00127.md
+++ b/generated_pages/incidents/I00127.md
@@ -21,8 +21,8 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.104 Hacktivist Persona](../../generated_pages/techniques/T0097.104.md) | IT00000532 Iranian state-backed advanced persistent threat (APT) groups have been masquerading as hacktivists, claiming attacks against Israeli critical infrastructure and air defense systems.
[...]
What's clearer are the benefits of the model itself: creating a layer of plausible deniability for the state, and the impression among the public that their attacks are grassroots-inspired. While this deniability has always been a key driver with state-sponsored cyberattacks, researchers characterized this instance as noteworthy for the effort behind the charade.
"We've seen a lot of hacktivist activity that seems to be nation-states trying to have that 'deniable' capability," Adam Meyers, CrowdStrike senior vice president for counter adversary operations said in a press conference this week. "And so these groups continue to maintain activity, moving from what was traditionally website defacements and DDoS attacks, into a lot of hack and leak operations."
To sell the persona, faketivists like to adopt the aesthetic, rhetoric, tactics, techniques, and procedures (TTPs), and sometimes the actual names and iconography associated with legitimate hacktivist outfits. Keen eyes will spot that they typically arise just after major geopolitical events, without an established history of activity, in alignment with the interests of their government sponsors.
Oftentimes, it's difficult to separate the faketivists from the hacktivists, as each might promote and support the activities of the other.
In this example analysts from CrowdStrike assert that hacker groups took on the persona of hacktivists to disguise the state-backed nature of their cyber attack campaign (T0097.104: Hacktivist Persona). At times state-backed hacktivists will impersonate existing hacktivist organisations (T0097.104: Hacktivist Persona, T0143.003: Impersonated Persona). |
-| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | IT00000533 Iranian state-backed advanced persistent threat (APT) groups have been masquerading as hacktivists, claiming attacks against Israeli critical infrastructure and air defense systems.
[...]
What's clearer are the benefits of the model itself: creating a layer of plausible deniability for the state, and the impression among the public that their attacks are grassroots-inspired. While this deniability has always been a key driver with state-sponsored cyberattacks, researchers characterized this instance as noteworthy for the effort behind the charade.
"We've seen a lot of hacktivist activity that seems to be nation-states trying to have that 'deniable' capability," Adam Meyers, CrowdStrike senior vice president for counter adversary operations said in a press conference this week. "And so these groups continue to maintain activity, moving from what was traditionally website defacements and DDoS attacks, into a lot of hack and leak operations."
To sell the persona, faketivists like to adopt the aesthetic, rhetoric, tactics, techniques, and procedures (TTPs), and sometimes the actual names and iconography associated with legitimate hacktivist outfits. Keen eyes will spot that they typically arise just after major geopolitical events, without an established history of activity, in alignment with the interests of their government sponsors.
Oftentimes, it's difficult to separate the faketivists from the hacktivists, as each might promote and support the activities of the other.
In this example analysts from CrowdStrike assert that hacker groups took on the persona of hacktivists to disguise the state-backed nature of their cyber attack campaign (T0097.104: Hacktivist Persona). At times state-backed hacktivists will impersonate existing hacktivist organisations (T0097.104: Hacktivist Persona, T0143.003: Impersonated Persona). |
+| [T0097.104 Hacktivist Persona](../../generated_pages/techniques/T0097.104.md) | Iranian state-backed advanced persistent threat (APT) groups have been masquerading as hacktivists, claiming attacks against Israeli critical infrastructure and air defense systems.
[...]
What's clearer are the benefits of the model itself: creating a layer of plausible deniability for the state, and the impression among the public that their attacks are grassroots-inspired. While this deniability has always been a key driver with state-sponsored cyberattacks, researchers characterized this instance as noteworthy for the effort behind the charade.
"We've seen a lot of hacktivist activity that seems to be nation-states trying to have that 'deniable' capability," Adam Meyers, CrowdStrike senior vice president for counter adversary operations said in a press conference this week. "And so these groups continue to maintain activity, moving from what was traditionally website defacements and DDoS attacks, into a lot of hack and leak operations."
To sell the persona, faketivists like to adopt the aesthetic, rhetoric, tactics, techniques, and procedures (TTPs), and sometimes the actual names and iconography associated with legitimate hacktivist outfits. Keen eyes will spot that they typically arise just after major geopolitical events, without an established history of activity, in alignment with the interests of their government sponsors.
Oftentimes, it's difficult to separate the faketivists from the hacktivists, as each might promote and support the activities of the other.
In this example analysts from CrowdStrike assert that hacker groups took on the persona of hacktivists to disguise the state-backed nature of their cyber attack campaign (T0097.104: Hacktivist Persona). At times state-backed hacktivists will impersonate existing hacktivist organisations (T0097.104: Hacktivist Persona, T0143.003: Impersonated Persona). |
+| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | Iranian state-backed advanced persistent threat (APT) groups have been masquerading as hacktivists, claiming attacks against Israeli critical infrastructure and air defense systems.
[...]
What's clearer are the benefits of the model itself: creating a layer of plausible deniability for the state, and the impression among the public that their attacks are grassroots-inspired. While this deniability has always been a key driver with state-sponsored cyberattacks, researchers characterized this instance as noteworthy for the effort behind the charade.
"We've seen a lot of hacktivist activity that seems to be nation-states trying to have that 'deniable' capability," Adam Meyers, CrowdStrike senior vice president for counter adversary operations said in a press conference this week. "And so these groups continue to maintain activity, moving from what was traditionally website defacements and DDoS attacks, into a lot of hack and leak operations."
To sell the persona, faketivists like to adopt the aesthetic, rhetoric, tactics, techniques, and procedures (TTPs), and sometimes the actual names and iconography associated with legitimate hacktivist outfits. Keen eyes will spot that they typically arise just after major geopolitical events, without an established history of activity, in alignment with the interests of their government sponsors.
Oftentimes, it's difficult to separate the faketivists from the hacktivists, as each might promote and support the activities of the other.
In this example analysts from CrowdStrike assert that hacker groups took on the persona of hacktivists to disguise the state-backed nature of their cyber attack campaign (T0097.104: Hacktivist Persona). At times state-backed hacktivists will impersonate existing hacktivist organisations (T0097.104: Hacktivist Persona, T0143.003: Impersonated Persona). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00128.md b/generated_pages/incidents/I00128.md
index 4163e10..3f6aee5 100644
--- a/generated_pages/incidents/I00128.md
+++ b/generated_pages/incidents/I00128.md
@@ -21,12 +21,12 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0097.208 Social Cause Persona](../../generated_pages/techniques/T0097.208.md) | IT00000534 [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
-| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | IT00000537 [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
-| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | IT00000535 [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
-| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | IT00000536 [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
-| [T0152.004 Website Asset](../../generated_pages/techniques/T0152.004.md) | IT00000539 [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
-| [T0153.004 QR Code Asset](../../generated_pages/techniques/T0153.004.md) | IT00000538 [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
+| [T0097.208 Social Cause Persona](../../generated_pages/techniques/T0097.208.md) | [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
+| [T0122 Direct Users to Alternative Platforms](../../generated_pages/techniques/T0122.md) | [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
+| [T0151.001 Social Media Platform](../../generated_pages/techniques/T0151.001.md) | [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
+| [T0151.002 Online Community Group](../../generated_pages/techniques/T0151.002.md) | [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
+| [T0152.004 Website Asset](../../generated_pages/techniques/T0152.004.md) | [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
+| [T0153.004 QR Code Asset](../../generated_pages/techniques/T0153.004.md) | [Meta removed a network of assets for coordinated inauthentic behaviour. One page] in the network, @StopMEK, was promoting views against the People’s Mujahedin of Iran (MEK), the largest and most active political opposition group against the Islamic Republic of Iran Leadership.
The content on the page drew narratives showing parallels between the Islamic State of Iraq and Syria (ISIS) and the MEK.
Apart from images and memes, the @StopMEK page shared a link to an archived report on how the United States was monitoring the MEK’s movement in Iran in the mid-1990’s. The file was embedded as a QR code on one of the page’s images.
In this example a Facebook page presented itself as focusing on a political cause (T0097.208: Social Cause Persona, T0151.001: Social Media Platform, T0151.002: Online Community Group). Within the page it embedded a QR code (T0122: Direct Users to Alternative Platforms, T0153.004: QR Code Asset), which took users to a document hosted on another website (T0152.004: Website Asset). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/incidents/I00129.md b/generated_pages/incidents/I00129.md
index bf3399f..28f6326 100644
--- a/generated_pages/incidents/I00129.md
+++ b/generated_pages/incidents/I00129.md
@@ -21,12 +21,12 @@
| Technique | Description given for this incident |
| --------- | ------------------------- |
-| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | IT00000544 An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
-| [T0146.004 Administrator Account Asset](../../generated_pages/techniques/T0146.004.md) | IT00000543 An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
-| [T0148.009 Cryptocurrency Wallet](../../generated_pages/techniques/T0148.009.md) | IT00000546 An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
-| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) | IT00000541 An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
-| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) | IT00000545 An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
-| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | IT00000542 An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
+| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
+| [T0146.004 Administrator Account Asset](../../generated_pages/techniques/T0146.004.md) | An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
+| [T0148.009 Cryptocurrency Wallet](../../generated_pages/techniques/T0148.009.md) | An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
+| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) | An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
+| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) | An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
+| [T0151.008 Microblogging Platform](../../generated_pages/techniques/T0151.008.md) | An 18-year-old hacker who pulled off a huge breach in 2020, infiltrating several high profile Twitter accounts to solicit bitcoin transactions, has agreed to serve three years in prison for his actions.
Graham Ivan Clark, of Florida, was 17 years old at the time of the hack in July, during which he took over a number of major accounts including those of Joe Biden, Bill Gates and Kim Kardashian West.
Once he accessed them, Clark tweeted a link to a bitcoin address and wrote “all bitcoin sent to our address below will be sent back to you doubled!” According to court documents, Clark made more than $100,000 from the scheme, which his lawyers say he has since returned.
Clark was able to access the accounts after convincing an employee at Twitter he worked in the company’s information technology department, according to the Tampa Bay Times.
In this example a threat actor gained access to Twitter’s customer service portal through social engineering (T0146.004: Administrator Account Asset, T0150.005: Compromised Asset, T0151.008: Microblogging Platform), which they used to take over accounts of public figures (T0146.003: Verified Account Asset, T0143.003: Impersonated Persona, T0150.005: Compromised Asset, T0151.008: Microblogging Platform).
The threat actor used these compromised accounts to trick their followers into sending bitcoin to their wallet (T0148.009: Cryptocurrency Wallet). |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0001.md b/generated_pages/techniques/T0001.md
deleted file mode 100644
index 4ba41ca..0000000
--- a/generated_pages/techniques/T0001.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# Technique T0001: Determine Target Audiences
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA01
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00029 MH17 investigation](../generated_pages/incidents/I00029.md) | 4 D's (dismiss, distort, distract, dismay...Official channels ie: Embassies & Defence Ministry; TASS |
-| [I00047 Sea of Azov](../generated_pages/incidents/I00047.md) | 4 D's (dismiss, distort, distract, dismay...Official channels ie: Embassies & Defence Ministry; TASS, Russian FSB security service blamed Ukraine for sparking the clashes, saying their "irrefutable" evidence would "soon be made public |
-| [I00049 White Helmets: Chemical Weapons](../generated_pages/incidents/I00049.md) | 4 D's (dismiss, distort, distract, dismay...Official channels ie: Embassies & Defence Ministry; TASS |
-| [I00053 China Huawei CFO Arrest](../generated_pages/incidents/I00053.md) | China also plays victim, innocence, plays by rules, misunderstood narrative, Chinese ambassador Lu Shaye accused Canada of applying a double standard, and has decried what he sees as “Western egotism and white supremacy” in the treatment of detained Huawei executive Meng Wanzhou.” |
-| [I00063 Olympic Doping Scandal](../generated_pages/incidents/I00063.md) | 4 D's (dismiss, distort, distract, dismay...Official channels ie: Putin himself; Embassies & Sports Ministry; TASS |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00013 Rating framework for news](../generated_pages/counters/C00013.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00017 Repair broken social connections](../generated_pages/counters/C00017.md) | D03 |
-| [C00019 Reduce effect of division-enablers](../generated_pages/counters/C00019.md) | D03 |
-| [C00021 Encourage in-person communication](../generated_pages/counters/C00021.md) | D04 |
-| [C00022 Innoculate. Positive campaign to promote feeling of safety](../generated_pages/counters/C00022.md) | D04 |
-| [C00024 Promote healthy narratives](../generated_pages/counters/C00024.md) | D04 |
-| [C00026 Shore up democracy based messages](../generated_pages/counters/C00026.md) | D04 |
-| [C00027 Create culture of civility](../generated_pages/counters/C00027.md) | D07 |
-| [C00107 Content moderation](../generated_pages/counters/C00107.md) | D02 |
-| [C00174 Create a healthier news environment](../generated_pages/counters/C00174.md) | D02 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00188 Newsroom/Journalist training to counter influence moves](../generated_pages/counters/C00188.md) | D03 |
-| [C00190 open engagement with civil society](../generated_pages/counters/C00190.md) | D03 |
-| [C00205 strong dialogue between the federal government and private sector to encourage better reporting](../generated_pages/counters/C00205.md) | D03 |
-| [C00212 build public resilience by making civil society more vibrant](../generated_pages/counters/C00212.md) | D03 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0002.md b/generated_pages/techniques/T0002.md
index 07f452e..f296f0b 100644
--- a/generated_pages/techniques/T0002.md
+++ b/generated_pages/techniques/T0002.md
@@ -2,13 +2,13 @@
**Summary**: Organise citizens around pro-state messaging. Coordinate paid or volunteer groups to push state propaganda.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0003.md b/generated_pages/techniques/T0003.md
index d46bb6a..4e39874 100644
--- a/generated_pages/techniques/T0003.md
+++ b/generated_pages/techniques/T0003.md
@@ -2,13 +2,13 @@
**Summary**: Use or adapt existing narrative themes, where narratives are the baseline stories of a target audience. Narratives form the bedrock of our worldviews. New information is understood through a process firmly grounded in this bedrock. If new information is not consitent with the prevailing narratives of an audience, it will be ignored. Effective campaigns will frame their misinformation in the context of these narratives. Highly effective campaigns will make extensive use of audience-appropriate archetypes and meta-narratives throughout their content creation and amplifiction practices.
+**Tactic**: TA14 Develop Narratives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA14
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0004.md b/generated_pages/techniques/T0004.md
index b71f10c..371001a 100644
--- a/generated_pages/techniques/T0004.md
+++ b/generated_pages/techniques/T0004.md
@@ -2,13 +2,13 @@
**Summary**: Advance competing narratives connected to same issue ie: on one hand deny incident while at same time expresses dismiss. Suppressing or discouraging narratives already spreading requires an alternative. The most simple set of narrative techniques in response would be the construction and promotion of contradictory alternatives centred on denial, deflection, dismissal, counter-charges, excessive standards of proof, bias in prohibition or enforcement, and so on. These competing narratives allow loyalists cover, but are less compelling to opponents and fence-sitters than campaigns built around existing narratives or highly explanatory master narratives. Competing narratives, as such, are especially useful in the "firehose of misinformation" approach.
+**Tactic**: TA14 Develop Narratives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA14
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0005.md b/generated_pages/techniques/T0005.md
deleted file mode 100644
index 243d3d1..0000000
--- a/generated_pages/techniques/T0005.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Technique T0005: Distract
-
-* **Summary**: Shift attention to a different narrative or actor, for instance by accusing critics of the same activity that they’ve accused you of (e.g. police brutality).
-
-* **Belongs to tactic stage**: TA02
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00010 Enhanced privacy regulation for social media](../generated_pages/counters/C00010.md) | D02 |
-| [C00036 Infiltrate the in-group to discredit leaders (divide)](../generated_pages/counters/C00036.md) | D02 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0006.md b/generated_pages/techniques/T0006.md
deleted file mode 100644
index 615c624..0000000
--- a/generated_pages/techniques/T0006.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# Technique T0006: Dismay
-
-* **Summary**: Threaten the critic or narrator of events. For instance, threaten journalists or news outlets reporting on a story.
-
-* **Belongs to tactic stage**: TA02
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00021 Encourage in-person communication](../generated_pages/counters/C00021.md) | D04 |
-| [C00022 Innoculate. Positive campaign to promote feeling of safety](../generated_pages/counters/C00022.md) | D04 |
-| [C00024 Promote healthy narratives](../generated_pages/counters/C00024.md) | D04 |
-| [C00027 Create culture of civility](../generated_pages/counters/C00027.md) | D07 |
-| [C00029 Create fake website to issue counter narrative and counter narrative through physical merchandise](../generated_pages/counters/C00029.md) | D03 |
-| [C00030 Develop a compelling counter narrative (truth based)](../generated_pages/counters/C00030.md) | D03 |
-| [C00031 Dilute the core narrative - create multiple permutations, target / amplify](../generated_pages/counters/C00031.md) | D03 |
-| [C00081 Highlight flooding and noise, and explain motivations](../generated_pages/counters/C00081.md) | D03 |
-| [C00082 Ground truthing as automated response to pollution](../generated_pages/counters/C00082.md) | D03 |
-| [C00084 Modify disinformation narratives, and rebroadcast them](../generated_pages/counters/C00084.md) | D03 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0007.md b/generated_pages/techniques/T0007.md
deleted file mode 100644
index ee72108..0000000
--- a/generated_pages/techniques/T0007.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Technique T0007: Create Inauthentic Social Media Pages and Groups
-
-* **Summary**: Create key social engineering assets needed to amplify content, manipulate algorithms, fool public and/or specific incident/campaign targets. Computational propaganda depends substantially on false perceptions of credibility and acceptance. By creating fake users and groups with a variety of interests and commitments, attackers can ensure that their messages both come from trusted sources and appear more widely adopted than they actually are.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../../generated_pages/incidents/I00005.md) | Fake FB groups + dark content |
-| [I00006 Columbian Chemicals](../../generated_pages/incidents/I00006.md) | Fake twitter profiles to amplify |
-| [I00009 PhilippinesExpert](../../generated_pages/incidents/I00009.md) | FB pages |
-| [I00010 ParklandTeens](../../generated_pages/incidents/I00010.md) | FB pages/groups/profiles |
-| [I00017 US presidential elections](../../generated_pages/incidents/I00017.md) | Fake FB groups + dark content |
-| [I00022 #Macronleaks](../../generated_pages/incidents/I00022.md) | Fake FB groups/pages/profiles + dark content |
-| [I00032 Kavanaugh](../../generated_pages/incidents/I00032.md) | Fake FB groups/pages/profiles |
-| [I00056 Iran Influence Operations](../../generated_pages/incidents/I00056.md) | Fake FB groups/pages/profiles + dark content (non-paid advertising) |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00006 Charge for social media](../../generated_pages/counters/C00006.md) | D02 |
-| [C00040 third party verification for people](../../generated_pages/counters/C00040.md) | D02 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0008.md b/generated_pages/techniques/T0008.md
deleted file mode 100644
index f0e3618..0000000
--- a/generated_pages/techniques/T0008.md
+++ /dev/null
@@ -1,33 +0,0 @@
-# Technique T0008: Degrade Adversary
-
-* **Summary**: Plan to degrade an adversary’s image or ability to act. This could include preparation and use of harmful information about the adversary’s actions or reputation.
-
-* **Belongs to tactic stage**: TA02
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00056 Iran Influence Operations](../generated_pages/incidents/I00056.md) | Fake news/synthetic web-sites |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00070 Block access to disinformation resources](../generated_pages/counters/C00070.md) | D02 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00099 Strengthen verification methods](../generated_pages/counters/C00099.md) | D02 |
-| [C00107 Content moderation](../generated_pages/counters/C00107.md) | D02 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00153 Take pre-emptive action against actors' infrastructure](../generated_pages/counters/C00153.md) | D03 |
-| [C00172 social media source removal](../generated_pages/counters/C00172.md) | D02 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00188 Newsroom/Journalist training to counter influence moves](../generated_pages/counters/C00188.md) | D03 |
-| [C00189 Ensure that platforms are taking down flagged accounts](../generated_pages/counters/C00189.md) | D06 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0009.md b/generated_pages/techniques/T0009.md
deleted file mode 100644
index e87f35f..0000000
--- a/generated_pages/techniques/T0009.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# Technique T0009: Create Fake Experts
-
-* **Summary**: Stories planted or promoted in computational propaganda operations often make use of experts fabricated from whole cloth, sometimes specifically for the story itself.
-
-* **Belongs to tactic stage**: TA16
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00044 JadeHelm exercise](../../generated_pages/incidents/I00044.md) | Promote fake “experts” with impressive (and scary) titles |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00034 Create more friction at account creation](../../generated_pages/counters/C00034.md) | D04 |
-| [C00107 Content moderation](../../generated_pages/counters/C00107.md) | D02 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../../generated_pages/counters/C00176.md) | D07 |
-| [C00197 remove suspicious accounts](../../generated_pages/counters/C00197.md) | D02 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0010.md b/generated_pages/techniques/T0010.md
index 988f743..5157450 100644
--- a/generated_pages/techniques/T0010.md
+++ b/generated_pages/techniques/T0010.md
@@ -2,13 +2,13 @@
**Summary**: Cultivate propagandists for a cause, the goals of which are not fully comprehended, and who are used cynically by the leaders of the cause. Independent actors use social media and specialised web sites to strategically reinforce and spread messages compatible with their own. Their networks are infiltrated and used by state media disinformation organisations to amplify the state’s own disinformation strategies against target populations. Many are traffickers in conspiracy theories or hoaxes, unified by a suspicion of Western governments and mainstream media. Their narratives, which appeal to leftists hostile to globalism and military intervention and nationalists against immigration, are frequently infiltrated and shaped by state-controlled trolls and altered news items from agencies such as RT and Sputnik. Also know as "useful idiots" or "unwitting agents".
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0011.md b/generated_pages/techniques/T0011.md
deleted file mode 100644
index d33f5d4..0000000
--- a/generated_pages/techniques/T0011.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Technique T0011: Compromise Legitimate Accounts
-
-* **Summary**: Hack or take over legimate accounts to distribute misinformation or damaging content.
-
-* **Belongs to tactic stage**: TA16
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00042 Saudi/Qatar bot dispute](../../generated_pages/incidents/I00042.md) | “hack” of Qatar’s official news agency |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00053 Delete old accounts / Remove unused social media accounts](../../generated_pages/counters/C00053.md) | D04 |
-| [C00182 Redirection / malware detection/ remediation](../../generated_pages/counters/C00182.md) | D02 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0012.md b/generated_pages/techniques/T0012.md
deleted file mode 100644
index 8f15cad..0000000
--- a/generated_pages/techniques/T0012.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# Technique T0012: Segment Audiences
-
-* **Summary**: Create audience segmentations by features of interest to the influence campaign, including political affiliation, geographic location, income, demographics, and psychographics.
-
-* **Belongs to tactic stage**: TA13
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00034 Create more friction at account creation](../generated_pages/counters/C00034.md) | D04 |
-| [C00036 Infiltrate the in-group to discredit leaders (divide)](../generated_pages/counters/C00036.md) | D02 |
-| [C00040 third party verification for people](../generated_pages/counters/C00040.md) | D02 |
-| [C00051 Counter social engineering training](../generated_pages/counters/C00051.md) | D02 |
-| [C00052 Infiltrate platforms](../generated_pages/counters/C00052.md) | D04 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0013.md b/generated_pages/techniques/T0013.md
deleted file mode 100644
index b2b8272..0000000
--- a/generated_pages/techniques/T0013.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0013: Create Inauthentic Websites
-
-* **Summary**: Create media assets to support inauthentic organisations (e.g. think tank), people (e.g. experts) and/or serve as sites to distribute malware/launch phishing operations.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0014.001.md b/generated_pages/techniques/T0014.001.md
index 1f26143..820d9fc 100644
--- a/generated_pages/techniques/T0014.001.md
+++ b/generated_pages/techniques/T0014.001.md
@@ -2,13 +2,13 @@
**Summary**: Raising funds from malign actors may include contributions from foreign agents, cutouts or proxies, shell companies, dark money groups, etc.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0014.002.md b/generated_pages/techniques/T0014.002.md
index 6623599..9ed8f0b 100644
--- a/generated_pages/techniques/T0014.002.md
+++ b/generated_pages/techniques/T0014.002.md
@@ -2,13 +2,13 @@
**Summary**: Raising funds from ignorant agents may include scams, donations intended for one stated purpose but then used for another, etc.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0014.md b/generated_pages/techniques/T0014.md
index 6dbff46..b11182a 100644
--- a/generated_pages/techniques/T0014.md
+++ b/generated_pages/techniques/T0014.md
@@ -2,13 +2,13 @@
**Summary**: Fundraising campaigns refer to an influence operation’s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns (see: Develop Information Pathways) to promote operation messaging while raising money to support its activities.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0015.001.md b/generated_pages/techniques/T0015.001.md
index 76edf43..bdec23e 100644
--- a/generated_pages/techniques/T0015.001.md
+++ b/generated_pages/techniques/T0015.001.md
@@ -2,13 +2,13 @@
**Summary**: Use a dedicated, existing hashtag for the campaign/incident. This Technique covers behaviours previously documented by T0104.005: Use Hashtags, which has since been deprecated.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0015.002.md b/generated_pages/techniques/T0015.002.md
index 8e21d4d..6f96f7c 100644
--- a/generated_pages/techniques/T0015.002.md
+++ b/generated_pages/techniques/T0015.002.md
@@ -2,13 +2,13 @@
**Summary**: Create a campaign/incident specific hashtag. This Technique covers behaviours previously documented by T0104.006: Create Dedicated Hashtag, which has since been deprecated.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0015.md b/generated_pages/techniques/T0015.md
index fa9203a..725c115 100644
--- a/generated_pages/techniques/T0015.md
+++ b/generated_pages/techniques/T0015.md
@@ -2,13 +2,13 @@
**Summary**: Create one or more hashtags and/or hashtag groups. Many incident-based campaigns will create hashtags to promote their fabricated event. Creating a hashtag for an incident can have two important effects: 1. Create a perception of reality around an event. Certainly only "real" events would be discussed in a hashtag. After all, the event has a name!, and 2. Publicise the story more widely through trending lists and search behaviour. Asset needed to direct/control/manage "conversation" connected to launching new incident/campaign with new hashtag for applicable social media sites).
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0016.md b/generated_pages/techniques/T0016.md
index e8b1191..a3612fc 100644
--- a/generated_pages/techniques/T0016.md
+++ b/generated_pages/techniques/T0016.md
@@ -2,13 +2,13 @@
**Summary**: Create attention grabbing headlines (outrage, doubt, humour) required to drive traffic & engagement. This is a key asset.
+**Tactic**: TA05 Microtarget
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA05
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0017.001.md b/generated_pages/techniques/T0017.001.md
index 8deb659..b5e7ce1 100644
--- a/generated_pages/techniques/T0017.001.md
+++ b/generated_pages/techniques/T0017.001.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may Conduct Crowdfunding Campaigns on platforms such as GoFundMe, GiveSendGo, Tipeee, Patreon, etc.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0017.md b/generated_pages/techniques/T0017.md
index 2fe6adc..062a439 100644
--- a/generated_pages/techniques/T0017.md
+++ b/generated_pages/techniques/T0017.md
@@ -2,13 +2,13 @@
**Summary**: Fundraising campaigns refer to an influence operation’s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services166 on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns to promote operation messaging while raising money to support its activities.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0018.md b/generated_pages/techniques/T0018.md
index a498cfd..2830dbb 100644
--- a/generated_pages/techniques/T0018.md
+++ b/generated_pages/techniques/T0018.md
@@ -2,13 +2,13 @@
**Summary**: Create or fund advertisements targeted at specific populations
+**Tactic**: TA05 Microtarget
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA05
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0019.001.md b/generated_pages/techniques/T0019.001.md
deleted file mode 100644
index 6a4cb1b..0000000
--- a/generated_pages/techniques/T0019.001.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0019.001: Create Fake Research
-
-* **Summary**: Create fake academic research. Example: fake social science research is often aimed at hot-button social issues such as gender, race and sexuality. Fake science research can target Climate Science debate or pseudoscience like anti-vaxx
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0019.002.md b/generated_pages/techniques/T0019.002.md
deleted file mode 100644
index 4ae8157..0000000
--- a/generated_pages/techniques/T0019.002.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0019.002: Hijack Hashtags
-
-* **Summary**: Hashtag hijacking occurs when users “[use] a trending hashtag to promote topics that are substantially different from its recent context” (VanDam and Tan, 2016) or “to promote one’s own social media agenda” (Darius and Stephany, 2019).
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0019.md b/generated_pages/techniques/T0019.md
deleted file mode 100644
index ab68f37..0000000
--- a/generated_pages/techniques/T0019.md
+++ /dev/null
@@ -1,32 +0,0 @@
-# Technique T0019: Generate Information Pollution
-
-* **Summary**: Flood social channels; drive traffic/engagement to all assets; create aura/sense/perception of pervasiveness/consensus (for or against or both simultaneously) of an issue or topic. "Nothing is true, but everything is possible." Akin to astroturfing campaign.
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00002 #VaccinateUS](../../generated_pages/incidents/I00002.md) | create web-site - information pollution |
-| [I00005 Brexit vote](../../generated_pages/incidents/I00005.md) | RT & Sputnik generate information pollution |
-| [I00007 Incirlik terrorists](../../generated_pages/incidents/I00007.md) | RT & Sputnik generate information pollution (report an unreported false story/event) |
-| [I00009 PhilippinesExpert](../../generated_pages/incidents/I00009.md) | RT & Sputnik generate information pollution |
-| [I00017 US presidential elections](../../generated_pages/incidents/I00017.md) | RT & Sputnik generate information pollution |
-| [I00029 MH17 investigation](../../generated_pages/incidents/I00029.md) | RT & Sputnik generate information pollution (synthetic media) |
-| [I00032 Kavanaugh](../../generated_pages/incidents/I00032.md) | RT & Sputnik generate information pollution |
-| [I00044 JadeHelm exercise](../../generated_pages/incidents/I00044.md) | RT & Sputnik generate information pollution |
-| [I00049 White Helmets: Chemical Weapons](../../generated_pages/incidents/I00049.md) | RT & Sputnik generate information pollution (synthetic media) |
-| [I00050 #HandsOffVenezuela](../../generated_pages/incidents/I00050.md) | RT & Sputnik generate information pollution (synthetic media) |
-| [I00051 Integrity Initiative](../../generated_pages/incidents/I00051.md) | RT & Sputnik generate information pollution |
-| [I00063 Olympic Doping Scandal](../../generated_pages/incidents/I00063.md) | RT & Sputnik generate information pollution (synthetic media) |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00071 Block source of pollution](../../generated_pages/counters/C00071.md) | D02 |
-| [C00072 Remove non-relevant content from special interest groups - not recommended](../../generated_pages/counters/C00072.md) | D02 |
-| [C00074 Identify and delete or rate limit identical content](../../generated_pages/counters/C00074.md) | D02 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0020.md b/generated_pages/techniques/T0020.md
index 722ef4f..2d33115 100644
--- a/generated_pages/techniques/T0020.md
+++ b/generated_pages/techniques/T0020.md
@@ -2,13 +2,13 @@
**Summary**: Iteratively test incident performance (messages, content etc), e.g. A/B test headline/content enagagement metrics; website and/or funding campaign conversion rates
+**Tactic**: TA08 Conduct Pump Priming
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA08
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0021.md b/generated_pages/techniques/T0021.md
deleted file mode 100644
index 718299a..0000000
--- a/generated_pages/techniques/T0021.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# Technique T0021: Develop Text-based Content
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | Memes... anti-immigration; euroskepticism; fear, outrage, conspiracy narratives |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | Memes... anti-immigration; euroskepticism; fear, outrage, conspiracy narratives |
-| [I00042 Saudi/Qatar bot dispute](../generated_pages/incidents/I00042.md) | memes |
-| [I00056 Iran Influence Operations](../generated_pages/incidents/I00056.md) | Memes... anti-Isreal/USA/West, conspiracy narratives |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00027 Create culture of civility](../generated_pages/counters/C00027.md) | D07 |
-| [C00046 Marginalise and discredit extremist groups](../generated_pages/counters/C00046.md) | D04 |
-| [C00072 Remove non-relevant content from special interest groups - not recommended](../generated_pages/counters/C00072.md) | D02 |
-| [C00073 Inoculate populations through media literacy training](../generated_pages/counters/C00073.md) | D02 |
-| [C00074 Identify and delete or rate limit identical content](../generated_pages/counters/C00074.md) | D02 |
-| [C00076 Prohibit images in political discourse channels](../generated_pages/counters/C00076.md) | D02 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00107 Content moderation](../generated_pages/counters/C00107.md) | D02 |
-| [C00117 Downgrade / de-amplify so message is seen by fewer people](../generated_pages/counters/C00117.md) | D04 |
-| [C00118 Repurpose images with new text](../generated_pages/counters/C00118.md) | D04 |
-| [C00119 Engage payload and debunk.](../generated_pages/counters/C00119.md) | D07 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00211 Use humorous counter-narratives](../generated_pages/counters/C00211.md) | D03 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0022.001.md b/generated_pages/techniques/T0022.001.md
index 3d46293..1495435 100644
--- a/generated_pages/techniques/T0022.001.md
+++ b/generated_pages/techniques/T0022.001.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may amplify an existing conspiracy theory narrative that aligns with its incident or campaign goals. By amplifying existing conspiracy theory narratives, operators can leverage the power of the existing communities that support and propagate those theories without needing to expend resources creating new narratives or building momentum and buy in around new narratives.
+**Tactic**: TA14 Develop Narratives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA14
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0022.002.md b/generated_pages/techniques/T0022.002.md
index 48dfa8c..40aa295 100644
--- a/generated_pages/techniques/T0022.002.md
+++ b/generated_pages/techniques/T0022.002.md
@@ -2,13 +2,13 @@
**Summary**: While this requires more resources than amplifying existing conspiracy theory narratives, an influence operation may develop original conspiracy theory narratives in order to achieve greater control and alignment over the narrative and their campaign goals. Prominent examples include the USSR's Operation INFEKTION disinformation campaign run by the KGB in the 1980s to plant the idea that the United States had invented HIV/AIDS as part of a biological weapons research project at Fort Detrick, Maryland. More recently, Fort Detrick featured prominently in a new conspiracy theory narratives around the origins of the COVID-19 outbreak and pandemic.
+**Tactic**: TA14 Develop Narratives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA14
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0022.md b/generated_pages/techniques/T0022.md
index 1b3df64..5176ee4 100644
--- a/generated_pages/techniques/T0022.md
+++ b/generated_pages/techniques/T0022.md
@@ -2,13 +2,13 @@
**Summary**: "Conspiracy narratives" appeal to the human desire for explanatory order, by invoking the participation of poweful (often sinister) actors in pursuit of their own political goals. These narratives are especially appealing when an audience is low-information, marginalised or otherwise inclined to reject the prevailing explanation. Conspiracy narratives are an important component of the "firehose of falsehoods" model.
+**Tactic**: TA14 Develop Narratives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA14
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0023.001.md b/generated_pages/techniques/T0023.001.md
index 101906c..38187b5 100644
--- a/generated_pages/techniques/T0023.001.md
+++ b/generated_pages/techniques/T0023.001.md
@@ -2,13 +2,13 @@
**Summary**: Reframing context refers to removing an event from its surrounding context to distort its intended meaning. Rather than deny that an event occurred, reframing context frames an event in a manner that may lead the target audience to draw a different conclusion about its intentions.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0023.002.md b/generated_pages/techniques/T0023.002.md
index 22160b1..a16ab48 100644
--- a/generated_pages/techniques/T0023.002.md
+++ b/generated_pages/techniques/T0023.002.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may edit open-source content, such as collaborative blogs or encyclopaedias, to promote its narratives on outlets with existing credibility and audiences. Editing open-source content may allow an operation to post content on platforms without dedicating resources to the creation and maintenance of its own assets.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0023.md b/generated_pages/techniques/T0023.md
index c6f9736..de4aec2 100644
--- a/generated_pages/techniques/T0023.md
+++ b/generated_pages/techniques/T0023.md
@@ -2,13 +2,13 @@
**Summary**: Change, twist, or exaggerate existing facts to construct a narrative that differs from reality. Examples: images and ideas can be distorted by being placed in an improper content
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0024.md b/generated_pages/techniques/T0024.md
deleted file mode 100644
index dd66965..0000000
--- a/generated_pages/techniques/T0024.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# Technique T0024: Develop Audio-based Content
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00006 Columbian Chemicals](../generated_pages/incidents/I00006.md) | Fake video/images |
-| [I00042 Saudi/Qatar bot dispute](../generated_pages/incidents/I00042.md) | photoshopped/fake images |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00096 Strengthen institutions that are always truth tellers](../generated_pages/counters/C00096.md) | D07 |
-| [C00107 Content moderation](../generated_pages/counters/C00107.md) | D02 |
-| [C00117 Downgrade / de-amplify so message is seen by fewer people](../generated_pages/counters/C00117.md) | D04 |
-| [C00118 Repurpose images with new text](../generated_pages/counters/C00118.md) | D04 |
-| [C00119 Engage payload and debunk.](../generated_pages/counters/C00119.md) | D07 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00143 (botnet) DMCA takedown requests to waste group time](../generated_pages/counters/C00143.md) | D04 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00195 Redirect searches away from disinformation or extremist content ](../generated_pages/counters/C00195.md) | D02 |
-| [C00211 Use humorous counter-narratives](../generated_pages/counters/C00211.md) | D03 |
-| [C00219 Add metadata to content that’s out of the control of disinformation creators](../generated_pages/counters/C00219.md) | D04 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0025.md b/generated_pages/techniques/T0025.md
deleted file mode 100644
index be15f11..0000000
--- a/generated_pages/techniques/T0025.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Technique T0025: Generate information pollution
-
-* **Summary**: Flood social channels; drive traffic/engagement to all assets; create aura/sense/perception of pervasiveness/consensus (for or against or both simultaneously) of an issue or topic. "Nothing is true, but everything is possible." Akin to astroturfing campaign.
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00015 ConcordDiscovery](../generated_pages/incidents/I00015.md) | Forge ('release' altered hacked documents), hack/leak/manipulate/distort |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | hack/leak/manipulate/distort |
-| [I00022 #Macronleaks](../generated_pages/incidents/I00022.md) | hack/leak/manipulate/distort |
-| [I00051 Integrity Initiative](../generated_pages/incidents/I00051.md) | hack/leak/manipulate/distort |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00073 Inoculate populations through media literacy training](../generated_pages/counters/C00073.md) | D02 |
-| [C00074 Identify and delete or rate limit identical content](../generated_pages/counters/C00074.md) | D02 |
-| [C00082 Ground truthing as automated response to pollution](../generated_pages/counters/C00082.md) | D03 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00096 Strengthen institutions that are always truth tellers](../generated_pages/counters/C00096.md) | D07 |
-| [C00107 Content moderation](../generated_pages/counters/C00107.md) | D02 |
-| [C00117 Downgrade / de-amplify so message is seen by fewer people](../generated_pages/counters/C00117.md) | D04 |
-| [C00119 Engage payload and debunk.](../generated_pages/counters/C00119.md) | D07 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00165 Ensure integrity of official documents](../generated_pages/counters/C00165.md) | D02 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00190 open engagement with civil society](../generated_pages/counters/C00190.md) | D03 |
-| [C00195 Redirect searches away from disinformation or extremist content ](../generated_pages/counters/C00195.md) | D02 |
-| [C00200 Respected figure (influencer) disavows misinfo](../generated_pages/counters/C00200.md) | D03 |
-| [C00202 Set data 'honeytraps'](../generated_pages/counters/C00202.md) | D02 |
-| [C00205 strong dialogue between the federal government and private sector to encourage better reporting](../generated_pages/counters/C00205.md) | D03 |
-| [C00211 Use humorous counter-narratives](../generated_pages/counters/C00211.md) | D03 |
-| [C00219 Add metadata to content that’s out of the control of disinformation creators](../generated_pages/counters/C00219.md) | D04 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0026.md b/generated_pages/techniques/T0026.md
deleted file mode 100644
index 4f67c48..0000000
--- a/generated_pages/techniques/T0026.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Technique T0026: Distort facts
-
-* **Summary**: Change, twist, or exaggerate existing facts to construct a narrative that differs from reality. Examples: images and ideas can be distorted by being placed in an improper content
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00073 Inoculate populations through media literacy training](../generated_pages/counters/C00073.md) | D02 |
-| [C00074 Identify and delete or rate limit identical content](../generated_pages/counters/C00074.md) | D02 |
-| [C00081 Highlight flooding and noise, and explain motivations](../generated_pages/counters/C00081.md) | D03 |
-| [C00082 Ground truthing as automated response to pollution](../generated_pages/counters/C00082.md) | D03 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00094 Force full disclosure on corporate sponsor of research](../generated_pages/counters/C00094.md) | D04 |
-| [C00096 Strengthen institutions that are always truth tellers](../generated_pages/counters/C00096.md) | D07 |
-| [C00107 Content moderation](../generated_pages/counters/C00107.md) | D02 |
-| [C00117 Downgrade / de-amplify so message is seen by fewer people](../generated_pages/counters/C00117.md) | D04 |
-| [C00119 Engage payload and debunk.](../generated_pages/counters/C00119.md) | D07 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00195 Redirect searches away from disinformation or extremist content ](../generated_pages/counters/C00195.md) | D02 |
-| [C00211 Use humorous counter-narratives](../generated_pages/counters/C00211.md) | D03 |
-| [C00211 Use humorous counter-narratives](../generated_pages/counters/C00211.md) | D03 |
-| [C00219 Add metadata to content that’s out of the control of disinformation creators](../generated_pages/counters/C00219.md) | D04 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0027.md b/generated_pages/techniques/T0027.md
deleted file mode 100644
index df5f1e0..0000000
--- a/generated_pages/techniques/T0027.md
+++ /dev/null
@@ -1,57 +0,0 @@
-# Technique T0027: Create hashtags and search artifacts
-
-* **Summary**: Create one or more hashtags and/or hashtag groups. Many incident-based campaigns will create hashtags to promote their fabricated event. Creating a hashtag for an incident can have two important effects: 1. Create a perception of reality around an event. Certainly only "real" events would be discussed in a hashtag. After all, the event has a name!, and 2. Publicize the story more widely through trending lists and search behavior. Asset needed to direct/control/manage "conversation" connected to launching new incident/campaign with new hashtag for applicable social media sites).
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00013 Rating framework for news](../generated_pages/counters/C00013.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00017 Repair broken social connections](../generated_pages/counters/C00017.md) | D03 |
-| [C00019 Reduce effect of division-enablers](../generated_pages/counters/C00019.md) | D03 |
-| [C00021 Encourage in-person communication](../generated_pages/counters/C00021.md) | D04 |
-| [C00022 Innoculate. Positive campaign to promote feeling of safety](../generated_pages/counters/C00022.md) | D04 |
-| [C00024 Promote healthy narratives](../generated_pages/counters/C00024.md) | D04 |
-| [C00027 Create culture of civility](../generated_pages/counters/C00027.md) | D07 |
-| [C00029 Create fake website to issue counter narrative and counter narrative through physical merchandise](../generated_pages/counters/C00029.md) | D03 |
-| [C00030 Develop a compelling counter narrative (truth based)](../generated_pages/counters/C00030.md) | D03 |
-| [C00031 Dilute the core narrative - create multiple permutations, target / amplify](../generated_pages/counters/C00031.md) | D03 |
-| [C00042 Address truth contained in narratives](../generated_pages/counters/C00042.md) | D04 |
-| [C00046 Marginalise and discredit extremist groups](../generated_pages/counters/C00046.md) | D04 |
-| [C00072 Remove non-relevant content from special interest groups - not recommended](../generated_pages/counters/C00072.md) | D02 |
-| [C00073 Inoculate populations through media literacy training](../generated_pages/counters/C00073.md) | D02 |
-| [C00080 Create competing narrative](../generated_pages/counters/C00080.md) | D03 |
-| [C00081 Highlight flooding and noise, and explain motivations](../generated_pages/counters/C00081.md) | D03 |
-| [C00082 Ground truthing as automated response to pollution](../generated_pages/counters/C00082.md) | D03 |
-| [C00084 Modify disinformation narratives, and rebroadcast them](../generated_pages/counters/C00084.md) | D03 |
-| [C00096 Strengthen institutions that are always truth tellers](../generated_pages/counters/C00096.md) | D07 |
-| [C00107 Content moderation](../generated_pages/counters/C00107.md) | D02 |
-| [C00125 Prebunking](../generated_pages/counters/C00125.md) | D03 |
-| [C00126 Social media amber alert](../generated_pages/counters/C00126.md) | D03 |
-| [C00156 Better tell your country or organization story](../generated_pages/counters/C00156.md) | D03 |
-| [C00161 Coalition Building with stakeholders and Third-Party Inducements](../generated_pages/counters/C00161.md) | D07 |
-| [C00162 Unravel/target the Potemkin villages](../generated_pages/counters/C00162.md) | D03 |
-| [C00164 compatriot policy](../generated_pages/counters/C00164.md) | D03 |
-| [C00169 develop a creative content hub](../generated_pages/counters/C00169.md) | D03 |
-| [C00174 Create a healthier news environment](../generated_pages/counters/C00174.md) | D02 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00188 Newsroom/Journalist training to counter influence moves](../generated_pages/counters/C00188.md) | D03 |
-| [C00190 open engagement with civil society](../generated_pages/counters/C00190.md) | D03 |
-| [C00195 Redirect searches away from disinformation or extremist content ](../generated_pages/counters/C00195.md) | D02 |
-| [C00200 Respected figure (influencer) disavows misinfo](../generated_pages/counters/C00200.md) | D03 |
-| [C00203 Stop offering press credentials to propaganda outlets](../generated_pages/counters/C00203.md) | D03 |
-| [C00205 strong dialogue between the federal government and private sector to encourage better reporting](../generated_pages/counters/C00205.md) | D03 |
-| [C00211 Use humorous counter-narratives](../generated_pages/counters/C00211.md) | D03 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0028.md b/generated_pages/techniques/T0028.md
deleted file mode 100644
index 364f47e..0000000
--- a/generated_pages/techniques/T0028.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Technique T0028: Obtain Private Documents
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00013 Rating framework for news](../generated_pages/counters/C00013.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00017 Repair broken social connections](../generated_pages/counters/C00017.md) | D03 |
-| [C00019 Reduce effect of division-enablers](../generated_pages/counters/C00019.md) | D03 |
-| [C00021 Encourage in-person communication](../generated_pages/counters/C00021.md) | D04 |
-| [C00022 Innoculate. Positive campaign to promote feeling of safety](../generated_pages/counters/C00022.md) | D04 |
-| [C00024 Promote healthy narratives](../generated_pages/counters/C00024.md) | D04 |
-| [C00027 Create culture of civility](../generated_pages/counters/C00027.md) | D07 |
-| [C00029 Create fake website to issue counter narrative and counter narrative through physical merchandise](../generated_pages/counters/C00029.md) | D03 |
-| [C00030 Develop a compelling counter narrative (truth based)](../generated_pages/counters/C00030.md) | D03 |
-| [C00031 Dilute the core narrative - create multiple permutations, target / amplify](../generated_pages/counters/C00031.md) | D03 |
-| [C00042 Address truth contained in narratives](../generated_pages/counters/C00042.md) | D04 |
-| [C00080 Create competing narrative](../generated_pages/counters/C00080.md) | D03 |
-| [C00081 Highlight flooding and noise, and explain motivations](../generated_pages/counters/C00081.md) | D03 |
-| [C00082 Ground truthing as automated response to pollution](../generated_pages/counters/C00082.md) | D03 |
-| [C00084 Modify disinformation narratives, and rebroadcast them](../generated_pages/counters/C00084.md) | D03 |
-| [C00203 Stop offering press credentials to propaganda outlets](../generated_pages/counters/C00203.md) | D03 |
-| [C00211 Use humorous counter-narratives](../generated_pages/counters/C00211.md) | D03 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0029.md b/generated_pages/techniques/T0029.md
index 69b66c1..d72b343 100644
--- a/generated_pages/techniques/T0029.md
+++ b/generated_pages/techniques/T0029.md
@@ -2,13 +2,13 @@
**Summary**: Create fake online polls, or manipulate existing online polls. Data gathering tactic to target those who engage, and potentially their networks of friends/followers as well
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0030.md b/generated_pages/techniques/T0030.md
deleted file mode 100644
index eef8f0b..0000000
--- a/generated_pages/techniques/T0030.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Technique T0030: Recruit bad actors
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | Backstop personas |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | Backstop personas |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00034 Create more friction at account creation](../generated_pages/counters/C00034.md) | D04 |
-| [C00036 Infiltrate the in-group to discredit leaders (divide)](../generated_pages/counters/C00036.md) | D02 |
-| [C00052 Infiltrate platforms](../generated_pages/counters/C00052.md) | D04 |
-| [C00053 Delete old accounts / Remove unused social media accounts](../generated_pages/counters/C00053.md) | D04 |
-| [C00097 Require use of verified identities to contribute to poll or comment](../generated_pages/counters/C00097.md) | D02 |
-| [C00099 Strengthen verification methods](../generated_pages/counters/C00099.md) | D02 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0031.md b/generated_pages/techniques/T0031.md
deleted file mode 100644
index 84f4919..0000000
--- a/generated_pages/techniques/T0031.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Technique T0031: Cultivate ignorant agents
-
-* **Summary**: Cultivate propagandists for a cause, the goals of which are not fully comprehended, and who are used cynically by the leaders of the cause. Independent actors use social media and specialised web sites to strategically reinforce and spread messages compatible with their own. Their networks are infiltrated and used by state media disinformation organisations to amplify the state’s own disinformation strategies against target populations. Many are traffickers in conspiracy theories or hoaxes, unified by a suspicion of Western governments and mainstream media. Their narratives, which appeal to leftists hostile to globalism and military intervention and nationalists against immigration, are frequently infiltrated and shaped by state-controlled trolls and altered news items from agencies such as RT and Sputnik. Also know as "useful idiots" or "unwitting agents".
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
-| [I00010 ParklandTeens](../generated_pages/incidents/I00010.md) | YouTube; Reddit |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-| [I00029 MH17 investigation](../generated_pages/incidents/I00029.md) | YouTube; Reddit; |
-| [I00032 Kavanaugh](../generated_pages/incidents/I00032.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-| [I00044 JadeHelm exercise](../generated_pages/incidents/I00044.md) | YouTube; Reddit |
-| [I00049 White Helmets: Chemical Weapons](../generated_pages/incidents/I00049.md) | YouTube; Reddit; |
-| [I00050 #HandsOffVenezuela](../generated_pages/incidents/I00050.md) | YouTube; Reddit; |
-| [I00051 Integrity Initiative](../generated_pages/incidents/I00051.md) | YouTube; Reddit |
-| [I00063 Olympic Doping Scandal](../generated_pages/incidents/I00063.md) | YouTube; Reddit; |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0032.md b/generated_pages/techniques/T0032.md
deleted file mode 100644
index 00a7f91..0000000
--- a/generated_pages/techniques/T0032.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Technique T0032: Build Network
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
-| [I00010 ParklandTeens](../generated_pages/incidents/I00010.md) | YouTube; Reddit |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-| [I00029 MH17 investigation](../generated_pages/incidents/I00029.md) | YouTube; Reddit; |
-| [I00032 Kavanaugh](../generated_pages/incidents/I00032.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-| [I00044 JadeHelm exercise](../generated_pages/incidents/I00044.md) | YouTube; Reddit |
-| [I00049 White Helmets: Chemical Weapons](../generated_pages/incidents/I00049.md) | YouTube; Reddit; |
-| [I00050 #HandsOffVenezuela](../generated_pages/incidents/I00050.md) | YouTube; Reddit; |
-| [I00051 Integrity Initiative](../generated_pages/incidents/I00051.md) | YouTube; Reddit |
-| [I00063 Olympic Doping Scandal](../generated_pages/incidents/I00063.md) | YouTube; Reddit; |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0033.md b/generated_pages/techniques/T0033.md
deleted file mode 100644
index 2fdc86f..0000000
--- a/generated_pages/techniques/T0033.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Technique T0033: Acquire/ recruit Network
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-| [I00032 Kavanaugh](../generated_pages/incidents/I00032.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0034.md b/generated_pages/techniques/T0034.md
deleted file mode 100644
index 0e11624..0000000
--- a/generated_pages/techniques/T0034.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Technique T0034: Infiltrate Existing Networks
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-| [I00032 Kavanaugh](../generated_pages/incidents/I00032.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0035.md b/generated_pages/techniques/T0035.md
deleted file mode 100644
index 8509c58..0000000
--- a/generated_pages/techniques/T0035.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Technique T0035: Create Inauthentic Social Media Pages and Groups
-
-* **Summary**: Create key social engineering assets needed to amplify content, manipulate algorithms, fool public and/or specific incident/campaign targets. Computational propaganda depends substantially on false perceptions of credibility and acceptance. By creating fake users and groups with a variety of interests and commitments, attackers can ensure that their messages both come from trusted sources and appear more widely adopted than they actually are.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-| [I00032 Kavanaugh](../generated_pages/incidents/I00032.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0036.md b/generated_pages/techniques/T0036.md
deleted file mode 100644
index b3d3589..0000000
--- a/generated_pages/techniques/T0036.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Technique T0036: Create inauthentic websites
-
-* **Summary**: Create media assets to support inauthentic organizations (e.g. think tank), people (e.g. experts) and/or serve as sites to distribute malware/launch phishing operations.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-| [I00032 Kavanaugh](../generated_pages/incidents/I00032.md) | YouTube; Reddit; (Instagram, LinkedIn; Pinterest; WhatsApp?) |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0037.md b/generated_pages/techniques/T0037.md
deleted file mode 100644
index 3ffa563..0000000
--- a/generated_pages/techniques/T0037.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0037: Prepare Physical Broadcast Capabilities
-
-* **Summary**: Create or coopt broadcast capabilities (e.g. TV, radio etc).
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0038.md b/generated_pages/techniques/T0038.md
deleted file mode 100644
index 2749ab4..0000000
--- a/generated_pages/techniques/T0038.md
+++ /dev/null
@@ -1,18 +0,0 @@
-# Technique T0038: Develop Owned Media Assets
-
-* **Summary**: An owned media asset refers to an agency or organization through which an influence operation may create, develop, and host content and narratives. Owned media assets include websites, blogs, social media pages, forums, and other platforms that facilitate the creation and organization of content.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00098 Revocation of allowlisted or "verified" status](../generated_pages/counters/C00098.md) | D02 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0039 .md b/generated_pages/techniques/T0039 .md
deleted file mode 100644
index 5ae786d..0000000
--- a/generated_pages/techniques/T0039 .md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0039 : Bait legitimate influencers
-
-* **Summary**: Credibility in a social media environment is often a function of the size of a user's network. "Influencers" are so-called because of their reach, typically understood as: 1) the size of their network (i.e. the number of followers, perhaps weighted by their own influence); and 2) The rate at which their comments are re-circulated (these two metrics are related). Add traditional media players at all levels of credibility and professionalism to this, and the number of potential influencial carriers available for unwitting amplification becomes substantial. By targeting high-influence people and organizations in all types of media with narratives and content engineered to appeal their emotional or ideological drivers, influence campaigns are able to add perceived credibility to their messaging via saturation and adoption by trusted agents such as celebrities, journalists and local leaders.
-
-* **Belongs to tactic stage**: TA08
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0039.md b/generated_pages/techniques/T0039.md
index f33e6ad..2ebf287 100644
--- a/generated_pages/techniques/T0039.md
+++ b/generated_pages/techniques/T0039.md
@@ -2,13 +2,13 @@
**Summary**: Influencers are people on social media platforms who have large audiences.
Threat Actors can try to trick Influencers such as celebrities, journalists, or local leaders who aren’t associated with their campaign into amplifying campaign content. This gives them access to the Influencer’s audience without having to go through the effort of building it themselves, and it helps legitimise their message by associating it with the Influencer, benefitting from their audience’s trust in them.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0040.md b/generated_pages/techniques/T0040.md
index f6a6ab4..20b67c2 100644
--- a/generated_pages/techniques/T0040.md
+++ b/generated_pages/techniques/T0040.md
@@ -2,13 +2,13 @@
**Summary**: Campaigns often leverage tactical and informational asymmetries on the threat surface, as seen in the Distort and Deny strategies, and the "firehose of misinformation". Specifically, conspiracy theorists can be repeatedly wrong, but advocates of the truth need to be perfect. By constantly escalating demands for proof, propagandists can effectively leverage this asymmetry while also priming its future use, often with an even greater asymmetric advantage. The conspiracist is offered freer rein for a broader range of "questions" while the truth teller is burdened with higher and higher standards of proof.
+**Tactic**: TA14 Develop Narratives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA14
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0041.md b/generated_pages/techniques/T0041.md
deleted file mode 100644
index eca511e..0000000
--- a/generated_pages/techniques/T0041.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Technique T0041: Compromise legitimate accounts
-
-* **Summary**: Hack or take over legimate accounts to distribute misinformation or damaging content.
-
-* **Belongs to tactic stage**: TA16
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00115 Expose actor and intentions](../generated_pages/counters/C00115.md) | D02 |
-| [C00116 Provide proof of involvement](../generated_pages/counters/C00116.md) | D02 |
-| [C00184 Media exposure](../generated_pages/counters/C00184.md) | D04 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0042.md b/generated_pages/techniques/T0042.md
index 8bc96b0..7e09d9e 100644
--- a/generated_pages/techniques/T0042.md
+++ b/generated_pages/techniques/T0042.md
@@ -2,13 +2,13 @@
**Summary**: Wrap lies or altered context/facts around truths. Influence campaigns pursue a variety of objectives with respect to target audiences, prominent among them: 1. undermine a narrative commonly referenced in the target audience; or 2. promote a narrative less common in the target audience, but preferred by the attacker. In both cases, the attacker is presented with a heavy lift. They must change the relative importance of various narratives in the interpretation of events, despite contrary tendencies. When messaging makes use of factual reporting to promote these adjustments in the narrative space, they are less likely to be dismissed out of hand; when messaging can juxtapose a (factual) truth about current affairs with the (abstract) truth explicated in these narratives, propagandists can undermine or promote them selectively. Context matters.
+**Tactic**: TA08 Conduct Pump Priming
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA08
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0043.001.md b/generated_pages/techniques/T0043.001.md
deleted file mode 100644
index 597f5d1..0000000
--- a/generated_pages/techniques/T0043.001.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Technique T0043.001: Use Encrypted Chat Apps
-
-* **Summary**: Examples include Signal, WhatsApp, Discord, Wire, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00068 Attempted Audio Deepfake Call Targets LastPass Employee](../../generated_pages/incidents/I00068.md) | “While reports of [...] deepfake calls targeting private companies are luckily still rare, LastPass itself experienced a deepfake attempt earlier today that we are sharing with the larger community to help raise awareness that this tactic is spreading and all companies should be on the alert. In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp. As the attempted communication was outside of normal business communication channels and due to the employee’s suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency), our employee rightly ignored the messages and reported the incident to our internal security team so that we could take steps to both mitigate the threat and raise awareness of the tactic both internally and externally.”
In this example attackers impersonated the CEO of LastPass (T0097.100: Individual Persona, T0143.003: Impersonated Persona), targeting one of its employees over WhatsApp (T0043.001: Use Encrypted Chat Apps) using deepfaked audio (T0088.001: Develop AI-Generated Audio (Deepfakes)). |
-| [I00084 Russia turns its diplomats into disinformation warriors](../../generated_pages/incidents/I00084.md) | “[Russia’s social media] reach isn't the same as Russian state media, but they are trying to recreate what RT and Sputnik had done," said one EU official involved in tracking Russian disinformation. "It's a coordinated effort that goes beyond social media and involves specific websites."
“Central to that wider online playbook is a Telegram channel called Warfakes and an affiliated website. Since the beginning of the conflict, that social media channel has garnered more than 725,000 members and repeatedly shares alleged fact-checks aimed at debunking Ukrainian narratives, using language similar to Western-style fact-checking outlets.”
In this example a Telegram channel (T0043.001: Use Encrypted Chat Apps) was established which presented itself as a source of fact checks (T0097.203: Fact Checking Organisation Persona). |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0043.002.md b/generated_pages/techniques/T0043.002.md
deleted file mode 100644
index 0c15490..0000000
--- a/generated_pages/techniques/T0043.002.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0043.002: Use Unencrypted Chats Apps
-
-* **Summary**: Examples include SMS, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0043.md b/generated_pages/techniques/T0043.md
deleted file mode 100644
index f2e1553..0000000
--- a/generated_pages/techniques/T0043.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Technique T0043: Chat Apps
-
-* **Summary**: Direct messaging via chat app is an increasing method of delivery. These messages are often automated and new delivery and storage methods make them anonymous, viral, and ephemeral. This is a difficult space to monitor, but also a difficult space to build acclaim or notoriety.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00006 Columbian Chemicals](../../generated_pages/incidents/I00006.md) | Use SMS/text messages |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00121 Tool transparency and literacy for channels people follow.](../../generated_pages/counters/C00121.md) | D07 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0044.md b/generated_pages/techniques/T0044.md
index 48731dd..1b1154c 100644
--- a/generated_pages/techniques/T0044.md
+++ b/generated_pages/techniques/T0044.md
@@ -2,13 +2,13 @@
**Summary**: Try a wide variety of messages in the early hours surrounding an incident or event, to give a misleading account or impression.
+**Tactic**: TA08 Conduct Pump Priming
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA08
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0045.md b/generated_pages/techniques/T0045.md
index 01ba808..ad1c4f8 100644
--- a/generated_pages/techniques/T0045.md
+++ b/generated_pages/techniques/T0045.md
@@ -2,13 +2,13 @@
**Summary**: Use the fake experts that were set up during Establish Legitimacy. Pseudo-experts are disposable assets that often appear once and then disappear. Give "credility" to misinformation. Take advantage of credential bias
+**Tactic**: TA08 Conduct Pump Priming
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA08
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0046.md b/generated_pages/techniques/T0046.md
index fc1faec..3146331 100644
--- a/generated_pages/techniques/T0046.md
+++ b/generated_pages/techniques/T0046.md
@@ -2,13 +2,13 @@
**Summary**: Manipulate content engagement metrics (ie: Reddit & Twitter) to influence/impact news search results (e.g. Google), also elevates RT & Sputnik headline into Google news alert emails. aka "Black-hat SEO"
+**Tactic**: TA08 Conduct Pump Priming
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA08
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0047.md b/generated_pages/techniques/T0047.md
index 5beca24..86b6e20 100644
--- a/generated_pages/techniques/T0047.md
+++ b/generated_pages/techniques/T0047.md
@@ -2,13 +2,13 @@
**Summary**: Use political influence or the power of state to stop critical social media comments. Government requested/driven content take downs (see Google Transperancy reports).
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0048.001.md b/generated_pages/techniques/T0048.001.md
index 4e095e8..a6d0892 100644
--- a/generated_pages/techniques/T0048.001.md
+++ b/generated_pages/techniques/T0048.001.md
@@ -2,13 +2,13 @@
**Summary**: Cancel culture refers to the phenomenon in which individuals collectively refrain from supporting an individual, organisation, business, or other entity, usually following a real or falsified controversy. An influence operation may exploit cancel culture by emphasising an adversary’s problematic or disputed behaviour and presenting its own content as an alternative.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0048.002.md b/generated_pages/techniques/T0048.002.md
index 254d54d..5266a07 100644
--- a/generated_pages/techniques/T0048.002.md
+++ b/generated_pages/techniques/T0048.002.md
@@ -2,13 +2,13 @@
**Summary**: Examples include social identities like gender, sexuality, race, ethnicity, religion, ability, nationality, etc. as well as roles and occupations like journalist or activist.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0048.003.md b/generated_pages/techniques/T0048.003.md
index 8a4702c..38ea81f 100644
--- a/generated_pages/techniques/T0048.003.md
+++ b/generated_pages/techniques/T0048.003.md
@@ -2,13 +2,13 @@
**Summary**: Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0048.004.md b/generated_pages/techniques/T0048.004.md
index 125a8e5..f588cc3 100644
--- a/generated_pages/techniques/T0048.004.md
+++ b/generated_pages/techniques/T0048.004.md
@@ -2,13 +2,13 @@
**Summary**: Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0048.md b/generated_pages/techniques/T0048.md
index 73eb6db..dda2f8f 100644
--- a/generated_pages/techniques/T0048.md
+++ b/generated_pages/techniques/T0048.md
@@ -2,13 +2,13 @@
**Summary**: Threatening or harassing believers of opposing narratives refers to the use of intimidation techniques, including cyberbullying and doxing, to discourage opponents from voicing their dissent. An influence operation may threaten or harass believers of the opposing narratives to deter individuals from posting or proliferating conflicting content.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0049.001.md b/generated_pages/techniques/T0049.001.md
index b1226c4..0c561c8 100644
--- a/generated_pages/techniques/T0049.001.md
+++ b/generated_pages/techniques/T0049.001.md
@@ -2,13 +2,13 @@
**Summary**: Use trolls to amplify narratives and/or manipulate narratives. Fake profiles/sockpuppets operating to support individuals/narratives from the entire political spectrum (left/right binary). Operating with increased emphasis on promoting local content and promoting real Twitter users generating their own, often divisive political content, as it's easier to amplify existing content than create new/original content. Trolls operate where ever there's a socially divisive issue (issues that can/are be politicized).
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0049.002.md b/generated_pages/techniques/T0049.002.md
index d0a8ad4..09e5ff1 100644
--- a/generated_pages/techniques/T0049.002.md
+++ b/generated_pages/techniques/T0049.002.md
@@ -2,13 +2,13 @@
**Summary**: Hashtags can be used by communities to collate information they post about particular topics (such as their interests, or current events) and users can find communities to join by exploring hashtags they’re interested in.
Threat actors can flood an existing hashtag to try to ruin hashtag functionality, posting content unrelated to the hashtag alongside it, making it a less reliable source of relevant information. They may also try to flood existing hashtags with campaign content, with the intent of maximising exposure to users.
This Technique covers cases where threat actors flood existing hashtags with campaign content.
This Technique covers behaviours previously documented by T0019.002: Hijack Hashtags, which has since been deprecated. This Technique was previously called Hijack Existing Hashtag.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0049.003.md b/generated_pages/techniques/T0049.003.md
index d32b1b1..844fafc 100644
--- a/generated_pages/techniques/T0049.003.md
+++ b/generated_pages/techniques/T0049.003.md
@@ -2,13 +2,13 @@
**Summary**: Automated forwarding and reposting refer to the proliferation of operation content using automated means, such as artificial intelligence or social media bots. An influence operation may use automated activity to increase content exposure without dedicating the resources, including personnel and time, traditionally required to forward and repost content. Use bots to amplify narratives above algorithm thresholds. Bots are automated/programmed profiles designed to amplify content (ie: automatically retweet or like) and give appearance it's more "popular" than it is. They can operate as a network, to function in a coordinated/orchestrated manner. In some cases (more so now) they are an inexpensive/disposable assets used for minimal deployment as bot detection tools improve and platforms are more responsive.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0049.004.md b/generated_pages/techniques/T0049.004.md
index 740b027..43bb061 100644
--- a/generated_pages/techniques/T0049.004.md
+++ b/generated_pages/techniques/T0049.004.md
@@ -2,13 +2,13 @@
**Summary**: Spamoflauge refers to the practice of disguising spam messages as legitimate. Spam refers to the use of electronic messaging systems to send out unrequested or unwanted messages in bulk. Simple methods of spamoflauge include replacing letters with numbers to fool keyword-based email spam filters, for example, "you've w0n our jackp0t!". Spamoflauge may extend to more complex techniques such as modifying the grammar or word choice of the language, casting messages as images which spam detectors cannot automatically read, or encapsulating messages in password protected attachments, such as .pdf or .zip files. Influence operations may use spamoflauge to avoid spam filtering systems and increase the likelihood of the target audience receiving operation messaging.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0049.005.md b/generated_pages/techniques/T0049.005.md
index 8d83a5d..9ad4d07 100644
--- a/generated_pages/techniques/T0049.005.md
+++ b/generated_pages/techniques/T0049.005.md
@@ -2,13 +2,13 @@
**Summary**: Swarming refers to the coordinated use of accounts to overwhelm the information space with operation content. Unlike information flooding, swarming centres exclusively around a specific event or actor rather than a general narrative. Swarming relies on “horizontal communication” between information assets rather than a top-down, vertical command-and-control approach.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0049.006.md b/generated_pages/techniques/T0049.006.md
index b9fccca..cded68a 100644
--- a/generated_pages/techniques/T0049.006.md
+++ b/generated_pages/techniques/T0049.006.md
@@ -2,13 +2,13 @@
**Summary**: Keyword squatting refers to the creation of online content, such as websites, articles, or social media accounts, around a specific search engine-optimized term to overwhelm the search results of that term. An influence may keyword squat to increase content exposure to target audience members who query the exploited term in a search engine and manipulate the narrative around the term.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0049.007.md b/generated_pages/techniques/T0049.007.md
index 1b4f3f8..01568b9 100644
--- a/generated_pages/techniques/T0049.007.md
+++ b/generated_pages/techniques/T0049.007.md
@@ -2,13 +2,13 @@
**Summary**: Inauthentic sites circulate cross-post stories and amplify narratives. Often these sites have no masthead, bylines or attribution.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0049.008.md b/generated_pages/techniques/T0049.008.md
index 7b6b04e..d6dd30c 100644
--- a/generated_pages/techniques/T0049.008.md
+++ b/generated_pages/techniques/T0049.008.md
@@ -2,13 +2,13 @@
**Summary**: Information Pollution occurs when threat actors attempt to ruin a source of information by flooding it with lots of inauthentic or unreliable content, intending to make it harder for legitimate users to find the information they’re looking for.
This sub-technique’s objective is to reduce exposure to target information, rather than promoting exposure to campaign content, for which the parent Technique T0049 can be used.
Analysts will need to infer what the motive for flooding an information space was when deciding whether to use T0049 or T0049.008 to tag a case when an information space is flooded. If such inference is not possible, default to T0049.
This Technique previously used the ID T0019.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0049.md b/generated_pages/techniques/T0049.md
index f596afc..0a9f98c 100644
--- a/generated_pages/techniques/T0049.md
+++ b/generated_pages/techniques/T0049.md
@@ -2,13 +2,13 @@
**Summary**: Flooding sources of information (e.g. Social Media feeds) with a high volume of inauthentic content.
This can be done to control/shape online conversations, drown out opposing points of view, or make it harder to find legitimate information.
Bots and/or patriotic trolls are effective tools to achieve this effect.
This Technique previously used the name Flooding the Information Space.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0050.md b/generated_pages/techniques/T0050.md
deleted file mode 100644
index 0a1834b..0000000
--- a/generated_pages/techniques/T0050.md
+++ /dev/null
@@ -1,26 +0,0 @@
-# Technique T0050: Leverage Echo Chambers/Filter Bubbles
-
-* **Summary**: An echo chamber refers to an internet subgroup, often along ideological lines, where individuals only engage with “others with which they are already in agreement.” A filter bubble refers to an algorithm's placement of an individual in content that they agree with or regularly engage with, possibly entrapping the user into a bubble of their own making. An operation may create these isolated areas of the internet by match existing groups, or aggregating individuals into a single target audience based on shared interests, politics, values, demographics, and other characteristics. Echo chambers and filter bubbles help to reinforce similar biases and content to the same target audience members.
-
-* **Belongs to tactic stage**: TA05
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00033 China 50cent Army](../generated_pages/incidents/I00033.md) | domestic social media influence operations focus primarily on “cheerleading” or presenting or furthering a positive narrative about the Chinese state |
-| [I00053 China Huawei CFO Arrest](../generated_pages/incidents/I00053.md) | Extend digital the physical space… gatherings ie: support for Meng outside courthouse |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00044 Keep people from posting to social media immediately](../generated_pages/counters/C00044.md) | D03 |
-| [C00074 Identify and delete or rate limit identical content](../generated_pages/counters/C00074.md) | D02 |
-| [C00086 Distract from noise with addictive content](../generated_pages/counters/C00086.md) | D04 |
-| [C00087 Make more noise than the disinformation](../generated_pages/counters/C00087.md) | D04 |
-| [C00128 Create friction by marking content with ridicule or other "decelerants"](../generated_pages/counters/C00128.md) | D03 |
-| [C00162 Unravel/target the Potemkin villages](../generated_pages/counters/C00162.md) | D03 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0051.md b/generated_pages/techniques/T0051.md
deleted file mode 100644
index 8c03d90..0000000
--- a/generated_pages/techniques/T0051.md
+++ /dev/null
@@ -1,32 +0,0 @@
-# Technique T0051: Chat apps
-
-* **Summary**: Direct messaging via chat app is an increasing method of delivery. These messages are often automated and new delivery and storage methods make them anonymous, viral, and ephemeral. This is a difficult space to monitor, but also a difficult space to build acclaim or notoriety.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00033 China 50cent Army](../generated_pages/incidents/I00033.md) | fabricated social media comment |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00044 Keep people from posting to social media immediately](../generated_pages/counters/C00044.md) | D03 |
-| [C00046 Marginalise and discredit extremist groups](../generated_pages/counters/C00046.md) | D04 |
-| [C00048 Name and Shame Influencers](../generated_pages/counters/C00048.md) | D07 |
-| [C00074 Identify and delete or rate limit identical content](../generated_pages/counters/C00074.md) | D02 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00086 Distract from noise with addictive content](../generated_pages/counters/C00086.md) | D04 |
-| [C00087 Make more noise than the disinformation](../generated_pages/counters/C00087.md) | D04 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0052.md b/generated_pages/techniques/T0052.md
deleted file mode 100644
index cfbbc0b..0000000
--- a/generated_pages/techniques/T0052.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Technique T0052: Livestream
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00009 PhilippinesExpert](../generated_pages/incidents/I00009.md) | News circulated/amplifed by tertiary sites (Russia Insider, The Duran, Geopolitica.ru, Mint Press News, Oriental Review, globalresearch.ca) |
-| [I00029 MH17 investigation](../generated_pages/incidents/I00029.md) | News circulated/amplifed by tertiary sites (Russia Insider, The Duran, Geopolitica.ru, Mint Press News, Oriental Review, globalresearch.ca) |
-| [I00049 White Helmets: Chemical Weapons](../generated_pages/incidents/I00049.md) | News circulated/amplifed by tertiary sites (Russia Insider, The Duran, Geopolitica.ru, Mint Press News, Oriental Review, globalresearch.ca) |
-| [I00050 #HandsOffVenezuela](../generated_pages/incidents/I00050.md) | News circulated/amplifed by tertiary sites (Mint Press News, globalresearch.ca) |
-| [I00063 Olympic Doping Scandal](../generated_pages/incidents/I00063.md) | News circulated/amplifed by tertiary sites (Russia Insider, The Duran, Geopolitica.ru, Mint Press News, Oriental Review, globalresearch.ca) |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00009 Educate high profile influencers on best practices](../generated_pages/counters/C00009.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00013 Rating framework for news](../generated_pages/counters/C00013.md) | D02 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00019 Reduce effect of division-enablers](../generated_pages/counters/C00019.md) | D03 |
-| [C00046 Marginalise and discredit extremist groups](../generated_pages/counters/C00046.md) | D04 |
-| [C00048 Name and Shame Influencers](../generated_pages/counters/C00048.md) | D07 |
-| [C00070 Block access to disinformation resources](../generated_pages/counters/C00070.md) | D02 |
-| [C00074 Identify and delete or rate limit identical content](../generated_pages/counters/C00074.md) | D02 |
-| [C00078 Change Search Algorithms for Disinformation Content](../generated_pages/counters/C00078.md) | D03 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00087 Make more noise than the disinformation](../generated_pages/counters/C00087.md) | D04 |
-| [C00115 Expose actor and intentions](../generated_pages/counters/C00115.md) | D02 |
-| [C00120 Open dialogue about design of platforms to produce different outcomes](../generated_pages/counters/C00120.md) | D07 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00125 Prebunking](../generated_pages/counters/C00125.md) | D03 |
-| [C00126 Social media amber alert](../generated_pages/counters/C00126.md) | D03 |
-| [C00128 Create friction by marking content with ridicule or other "decelerants"](../generated_pages/counters/C00128.md) | D03 |
-| [C00153 Take pre-emptive action against actors' infrastructure](../generated_pages/counters/C00153.md) | D03 |
-| [C00162 Unravel/target the Potemkin villages](../generated_pages/counters/C00162.md) | D03 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00203 Stop offering press credentials to propaganda outlets](../generated_pages/counters/C00203.md) | D03 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0053.md b/generated_pages/techniques/T0053.md
deleted file mode 100644
index 42bcc0d..0000000
--- a/generated_pages/techniques/T0053.md
+++ /dev/null
@@ -1,66 +0,0 @@
-# Technique T0053: Social Networks
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | Twitter trolls amplify & manipulate |
-| [I00007 Incirlik terrorists](../generated_pages/incidents/I00007.md) | Twitter trolls amplify & manipulate |
-| [I00010 ParklandTeens](../generated_pages/incidents/I00010.md) | Twitter trolls amplify & manipulate |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | Twitter trolls amplify & manipulate |
-| [I00022 #Macronleaks](../generated_pages/incidents/I00022.md) | Twitter trolls amplify & manipulate |
-| [I00029 MH17 investigation](../generated_pages/incidents/I00029.md) | Twitter trolls amplify & manipulate |
-| [I00032 Kavanaugh](../generated_pages/incidents/I00032.md) | Twitter trolls amplify & manipulate |
-| [I00044 JadeHelm exercise](../generated_pages/incidents/I00044.md) | Twitter trolls amplify & manipulate |
-| [I00047 Sea of Azov](../generated_pages/incidents/I00047.md) | Twitter trolls amplify & manipulate |
-| [I00049 White Helmets: Chemical Weapons](../generated_pages/incidents/I00049.md) | Twitter trolls amplify & manipulate |
-| [I00050 #HandsOffVenezuela](../generated_pages/incidents/I00050.md) | Twitter trolls amplify & manipulate |
-| [I00051 Integrity Initiative](../generated_pages/incidents/I00051.md) | Twitter trolls amplify & manipulate |
-| [I00056 Iran Influence Operations](../generated_pages/incidents/I00056.md) | Twitter trolls amplify & manipulate |
-| [I00063 Olympic Doping Scandal](../generated_pages/incidents/I00063.md) | Twitter trolls amplify & manipulate |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00006 Charge for social media](../generated_pages/counters/C00006.md) | D02 |
-| [C00009 Educate high profile influencers on best practices](../generated_pages/counters/C00009.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00019 Reduce effect of division-enablers](../generated_pages/counters/C00019.md) | D03 |
-| [C00021 Encourage in-person communication](../generated_pages/counters/C00021.md) | D04 |
-| [C00022 Innoculate. Positive campaign to promote feeling of safety](../generated_pages/counters/C00022.md) | D04 |
-| [C00024 Promote healthy narratives](../generated_pages/counters/C00024.md) | D04 |
-| [C00027 Create culture of civility](../generated_pages/counters/C00027.md) | D07 |
-| [C00044 Keep people from posting to social media immediately](../generated_pages/counters/C00044.md) | D03 |
-| [C00046 Marginalise and discredit extremist groups](../generated_pages/counters/C00046.md) | D04 |
-| [C00048 Name and Shame Influencers](../generated_pages/counters/C00048.md) | D07 |
-| [C00073 Inoculate populations through media literacy training](../generated_pages/counters/C00073.md) | D02 |
-| [C00074 Identify and delete or rate limit identical content](../generated_pages/counters/C00074.md) | D02 |
-| [C00081 Highlight flooding and noise, and explain motivations](../generated_pages/counters/C00081.md) | D03 |
-| [C00082 Ground truthing as automated response to pollution](../generated_pages/counters/C00082.md) | D03 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00086 Distract from noise with addictive content](../generated_pages/counters/C00086.md) | D04 |
-| [C00087 Make more noise than the disinformation](../generated_pages/counters/C00087.md) | D04 |
-| [C00091 Honeypot social community](../generated_pages/counters/C00091.md) | D05 |
-| [C00092 Establish a truth teller reputation score for influencers](../generated_pages/counters/C00092.md) | D07 |
-| [C00093 Influencer code of conduct](../generated_pages/counters/C00093.md) | D07 |
-| [C00097 Require use of verified identities to contribute to poll or comment](../generated_pages/counters/C00097.md) | D02 |
-| [C00101 Create friction by rate-limiting engagement](../generated_pages/counters/C00101.md) | D04 |
-| [C00103 Create a bot that engages / distract trolls](../generated_pages/counters/C00103.md) | D05 |
-| [C00115 Expose actor and intentions](../generated_pages/counters/C00115.md) | D02 |
-| [C00120 Open dialogue about design of platforms to produce different outcomes](../generated_pages/counters/C00120.md) | D07 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00124 Don't feed the trolls](../generated_pages/counters/C00124.md) | D03 |
-| [C00125 Prebunking](../generated_pages/counters/C00125.md) | D03 |
-| [C00126 Social media amber alert](../generated_pages/counters/C00126.md) | D03 |
-| [C00128 Create friction by marking content with ridicule or other "decelerants"](../generated_pages/counters/C00128.md) | D03 |
-| [C00144 Buy out troll farm employees / offer them jobs](../generated_pages/counters/C00144.md) | D04 |
-| [C00153 Take pre-emptive action against actors' infrastructure](../generated_pages/counters/C00153.md) | D03 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0054.md b/generated_pages/techniques/T0054.md
deleted file mode 100644
index 740845f..0000000
--- a/generated_pages/techniques/T0054.md
+++ /dev/null
@@ -1,58 +0,0 @@
-# Technique T0054: Media Sharing Networks
-
-* **Summary**: Media sharing networks refer to services whose primary function is the hosting and sharing of specific forms of media. Examples include Instagram, Snapchat, TikTok, Youtube, SoundCloud.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | Twitter bots amplify & manipulate |
-| [I00007 Incirlik terrorists](../generated_pages/incidents/I00007.md) | Twitter bots amplify & manipulate |
-| [I00010 ParklandTeens](../generated_pages/incidents/I00010.md) | Twitter bots amplify & manipulate |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | Twitter bots amplify & manipulate |
-| [I00022 #Macronleaks](../generated_pages/incidents/I00022.md) | Twitter bots amplify & manipulate |
-| [I00029 MH17 investigation](../generated_pages/incidents/I00029.md) | Twitter bots amplify & manipulate |
-| [I00032 Kavanaugh](../generated_pages/incidents/I00032.md) | Twitter bots amplify & manipulate |
-| [I00042 Saudi/Qatar bot dispute](../generated_pages/incidents/I00042.md) | Twitter bots amplify & manipulate |
-| [I00044 JadeHelm exercise](../generated_pages/incidents/I00044.md) | Twitter bots amplify & manipulate |
-| [I00047 Sea of Azov](../generated_pages/incidents/I00047.md) | Twitter bots amplify & manipulate |
-| [I00049 White Helmets: Chemical Weapons](../generated_pages/incidents/I00049.md) | Twitter bots amplify & manipulate |
-| [I00050 #HandsOffVenezuela](../generated_pages/incidents/I00050.md) | Twitter bots amplify & manipulate |
-| [I00051 Integrity Initiative](../generated_pages/incidents/I00051.md) | Twitter bots amplify & manipulate |
-| [I00056 Iran Influence Operations](../generated_pages/incidents/I00056.md) | Twitter bots amplify & manipulate |
-| [I00063 Olympic Doping Scandal](../generated_pages/incidents/I00063.md) | Twitter bots amplify & manipulate |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00006 Charge for social media](../generated_pages/counters/C00006.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00044 Keep people from posting to social media immediately](../generated_pages/counters/C00044.md) | D03 |
-| [C00046 Marginalise and discredit extremist groups](../generated_pages/counters/C00046.md) | D04 |
-| [C00048 Name and Shame Influencers](../generated_pages/counters/C00048.md) | D07 |
-| [C00074 Identify and delete or rate limit identical content](../generated_pages/counters/C00074.md) | D02 |
-| [C00081 Highlight flooding and noise, and explain motivations](../generated_pages/counters/C00081.md) | D03 |
-| [C00082 Ground truthing as automated response to pollution](../generated_pages/counters/C00082.md) | D03 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00086 Distract from noise with addictive content](../generated_pages/counters/C00086.md) | D04 |
-| [C00087 Make more noise than the disinformation](../generated_pages/counters/C00087.md) | D04 |
-| [C00091 Honeypot social community](../generated_pages/counters/C00091.md) | D05 |
-| [C00092 Establish a truth teller reputation score for influencers](../generated_pages/counters/C00092.md) | D07 |
-| [C00097 Require use of verified identities to contribute to poll or comment](../generated_pages/counters/C00097.md) | D02 |
-| [C00101 Create friction by rate-limiting engagement](../generated_pages/counters/C00101.md) | D04 |
-| [C00120 Open dialogue about design of platforms to produce different outcomes](../generated_pages/counters/C00120.md) | D07 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00123 Remove or rate limit botnets](../generated_pages/counters/C00123.md) | D03 |
-| [C00125 Prebunking](../generated_pages/counters/C00125.md) | D03 |
-| [C00126 Social media amber alert](../generated_pages/counters/C00126.md) | D03 |
-| [C00128 Create friction by marking content with ridicule or other "decelerants"](../generated_pages/counters/C00128.md) | D03 |
-| [C00131 Seize and analyse botnet servers](../generated_pages/counters/C00131.md) | D02 |
-| [C00153 Take pre-emptive action against actors' infrastructure](../generated_pages/counters/C00153.md) | D03 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00182 Redirection / malware detection/ remediation](../generated_pages/counters/C00182.md) | D02 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0055.md b/generated_pages/techniques/T0055.md
deleted file mode 100644
index 8c75a65..0000000
--- a/generated_pages/techniques/T0055.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Technique T0055: Discussion Forums
-
-* **Summary**: Platforms for finding, discussing, and sharing information and opinions. Examples include Reddit, Quora, Digg, message boards, interest-based discussion forums, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00006 Columbian Chemicals](../generated_pages/incidents/I00006.md) | Create and use hashtag |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00009 Educate high profile influencers on best practices](../generated_pages/counters/C00009.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00032 Hijack content and link to truth- based info](../generated_pages/counters/C00032.md) | D03 |
-| [C00044 Keep people from posting to social media immediately](../generated_pages/counters/C00044.md) | D03 |
-| [C00066 Co-opt a hashtag and drown it out (hijack it back)](../generated_pages/counters/C00066.md) | D03 |
-| [C00070 Block access to disinformation resources](../generated_pages/counters/C00070.md) | D02 |
-| [C00072 Remove non-relevant content from special interest groups - not recommended](../generated_pages/counters/C00072.md) | D02 |
-| [C00074 Identify and delete or rate limit identical content](../generated_pages/counters/C00074.md) | D02 |
-| [C00081 Highlight flooding and noise, and explain motivations](../generated_pages/counters/C00081.md) | D03 |
-| [C00082 Ground truthing as automated response to pollution](../generated_pages/counters/C00082.md) | D03 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00086 Distract from noise with addictive content](../generated_pages/counters/C00086.md) | D04 |
-| [C00087 Make more noise than the disinformation](../generated_pages/counters/C00087.md) | D04 |
-| [C00100 Hashtag jacking](../generated_pages/counters/C00100.md) | D03 |
-| [C00107 Content moderation](../generated_pages/counters/C00107.md) | D02 |
-| [C00120 Open dialogue about design of platforms to produce different outcomes](../generated_pages/counters/C00120.md) | D07 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00125 Prebunking](../generated_pages/counters/C00125.md) | D03 |
-| [C00126 Social media amber alert](../generated_pages/counters/C00126.md) | D03 |
-| [C00128 Create friction by marking content with ridicule or other "decelerants"](../generated_pages/counters/C00128.md) | D03 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00184 Media exposure](../generated_pages/counters/C00184.md) | D04 |
-| [C00195 Redirect searches away from disinformation or extremist content ](../generated_pages/counters/C00195.md) | D02 |
-| [C00211 Use humorous counter-narratives](../generated_pages/counters/C00211.md) | D03 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0056.md b/generated_pages/techniques/T0056.md
deleted file mode 100644
index 45b251b..0000000
--- a/generated_pages/techniques/T0056.md
+++ /dev/null
@@ -1,64 +0,0 @@
-# Technique T0056: Bookmarking and Content Curation
-
-* **Summary**: Platforms for searching, sharing, and curating content and media. Examples include Pinterest, Flipboard, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00002 #VaccinateUS](../generated_pages/incidents/I00002.md) | create web-site - information pollution |
-| [I00005 Brexit vote](../generated_pages/incidents/I00005.md) | RT & Sputnik generate information pollution |
-| [I00007 Incirlik terrorists](../generated_pages/incidents/I00007.md) | RT & Sputnik generate information pollution (report an unreported false story/event) |
-| [I00009 PhilippinesExpert](../generated_pages/incidents/I00009.md) | RT & Sputnik generate information pollution |
-| [I00017 US presidential elections](../generated_pages/incidents/I00017.md) | RT & Sputnik generate information pollution |
-| [I00029 MH17 investigation](../generated_pages/incidents/I00029.md) | RT & Sputnik generate information pollution (synthetic media) |
-| [I00032 Kavanaugh](../generated_pages/incidents/I00032.md) | RT & Sputnik generate information pollution |
-| [I00044 JadeHelm exercise](../generated_pages/incidents/I00044.md) | RT & Sputnik generate information pollution |
-| [I00049 White Helmets: Chemical Weapons](../generated_pages/incidents/I00049.md) | RT & Sputnik generate information pollution (synthetic media) |
-| [I00050 #HandsOffVenezuela](../generated_pages/incidents/I00050.md) | RT & Sputnik generate information pollution (synthetic media) |
-| [I00051 Integrity Initiative](../generated_pages/incidents/I00051.md) | RT & Sputnik generate information pollution |
-| [I00053 China Huawei CFO Arrest](../generated_pages/incidents/I00053.md) | State-run media seeds foreign influence environment |
-| [I00063 Olympic Doping Scandal](../generated_pages/incidents/I00063.md) | RT & Sputnik generate information pollution (synthetic media) |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00008 Create shared fact-checking database](../generated_pages/counters/C00008.md) | D04 |
-| [C00009 Educate high profile influencers on best practices](../generated_pages/counters/C00009.md) | D02 |
-| [C00011 Media literacy. Games to identify fake news](../generated_pages/counters/C00011.md) | D02 |
-| [C00012 Platform regulation](../generated_pages/counters/C00012.md) | D02 |
-| [C00013 Rating framework for news](../generated_pages/counters/C00013.md) | D02 |
-| [C00014 Real-time updates to fact-checking database](../generated_pages/counters/C00014.md) | D04 |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00019 Reduce effect of division-enablers](../generated_pages/counters/C00019.md) | D03 |
-| [C00036 Infiltrate the in-group to discredit leaders (divide)](../generated_pages/counters/C00036.md) | D02 |
-| [C00042 Address truth contained in narratives](../generated_pages/counters/C00042.md) | D04 |
-| [C00044 Keep people from posting to social media immediately](../generated_pages/counters/C00044.md) | D03 |
-| [C00046 Marginalise and discredit extremist groups](../generated_pages/counters/C00046.md) | D04 |
-| [C00048 Name and Shame Influencers](../generated_pages/counters/C00048.md) | D07 |
-| [C00070 Block access to disinformation resources](../generated_pages/counters/C00070.md) | D02 |
-| [C00071 Block source of pollution](../generated_pages/counters/C00071.md) | D02 |
-| [C00073 Inoculate populations through media literacy training](../generated_pages/counters/C00073.md) | D02 |
-| [C00073 Inoculate populations through media literacy training](../generated_pages/counters/C00073.md) | D02 |
-| [C00078 Change Search Algorithms for Disinformation Content](../generated_pages/counters/C00078.md) | D03 |
-| [C00081 Highlight flooding and noise, and explain motivations](../generated_pages/counters/C00081.md) | D03 |
-| [C00082 Ground truthing as automated response to pollution](../generated_pages/counters/C00082.md) | D03 |
-| [C00085 Mute content](../generated_pages/counters/C00085.md) | D03 |
-| [C00087 Make more noise than the disinformation](../generated_pages/counters/C00087.md) | D04 |
-| [C00092 Establish a truth teller reputation score for influencers](../generated_pages/counters/C00092.md) | D07 |
-| [C00115 Expose actor and intentions](../generated_pages/counters/C00115.md) | D02 |
-| [C00120 Open dialogue about design of platforms to produce different outcomes](../generated_pages/counters/C00120.md) | D07 |
-| [C00122 Content moderation](../generated_pages/counters/C00122.md) | D02 |
-| [C00125 Prebunking](../generated_pages/counters/C00125.md) | D03 |
-| [C00126 Social media amber alert](../generated_pages/counters/C00126.md) | D03 |
-| [C00128 Create friction by marking content with ridicule or other "decelerants"](../generated_pages/counters/C00128.md) | D03 |
-| [C00138 Spam domestic actors with lawsuits](../generated_pages/counters/C00138.md) | D03 |
-| [C00153 Take pre-emptive action against actors' infrastructure](../generated_pages/counters/C00153.md) | D03 |
-| [C00162 Unravel/target the Potemkin villages](../generated_pages/counters/C00162.md) | D03 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-| [C00203 Stop offering press credentials to propaganda outlets](../generated_pages/counters/C00203.md) | D03 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0057.001.md b/generated_pages/techniques/T0057.001.md
index 8f37822..6fdf11d 100644
--- a/generated_pages/techniques/T0057.001.md
+++ b/generated_pages/techniques/T0057.001.md
@@ -2,13 +2,13 @@
**Summary**: Paying for physical action occurs when an influence operation pays individuals to act in the physical realm. An influence operation may pay for physical action to create specific situations and frame them in a way that supports operation narratives, for example, paying a group of people to burn a car to later post an image of the burning car and frame it as an act of protest.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0057.002.md b/generated_pages/techniques/T0057.002.md
index f6076dd..e3d388b 100644
--- a/generated_pages/techniques/T0057.002.md
+++ b/generated_pages/techniques/T0057.002.md
@@ -2,13 +2,13 @@
**Summary**: Symbolic action refers to activities specifically intended to advance an operation’s narrative by signalling something to the audience, for example, a military parade supporting a state’s narrative of military superiority. An influence operation may use symbolic action to create falsified evidence supporting operation narratives in the physical information space.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0057.md b/generated_pages/techniques/T0057.md
index 9ef1d42..6f9bee8 100644
--- a/generated_pages/techniques/T0057.md
+++ b/generated_pages/techniques/T0057.md
@@ -2,13 +2,13 @@
**Summary**: Coordinate and promote real-world events across media platforms, e.g. rallies, protests, gatherings in support of incident narratives.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0058.md b/generated_pages/techniques/T0058.md
deleted file mode 100644
index 8418913..0000000
--- a/generated_pages/techniques/T0058.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# Technique T0058: Consumer Review Networks
-
-* **Summary**: Platforms for finding, reviewing, and sharing information about brands, products, services, restaurants, travel destinations, etc. Examples include Yelp, TripAdvisor, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00002 #VaccinateUS](../generated_pages/incidents/I00002.md) | legacy web content, hard to remove content and/or campaign/exploit TOS |
-| [I00056 Iran Influence Operations](../generated_pages/incidents/I00056.md) | legacy web content |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00016 Censorship](../generated_pages/counters/C00016.md) | D02 |
-| [C00070 Block access to disinformation resources](../generated_pages/counters/C00070.md) | D02 |
-| [C00143 (botnet) DMCA takedown requests to waste group time](../generated_pages/counters/C00143.md) | D04 |
-| [C00153 Take pre-emptive action against actors' infrastructure](../generated_pages/counters/C00153.md) | D03 |
-| [C00176 Improve Coordination amongst stakeholders: public and private](../generated_pages/counters/C00176.md) | D07 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0059.md b/generated_pages/techniques/T0059.md
index 670a3e7..d13fc25 100644
--- a/generated_pages/techniques/T0059.md
+++ b/generated_pages/techniques/T0059.md
@@ -2,13 +2,13 @@
**Summary**: Play the long game refers to two phenomena: 1. To plan messaging and allow it to grow organically without conducting your own amplification. This is methodical and slow and requires years for the message to take hold 2. To develop a series of seemingly disconnected messaging narratives that eventually combine into a new narrative.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0060.md b/generated_pages/techniques/T0060.md
index 610fade..6ca16d8 100644
--- a/generated_pages/techniques/T0060.md
+++ b/generated_pages/techniques/T0060.md
@@ -2,13 +2,13 @@
**Summary**: continue narrative or message amplification after the main incident work has finished
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0061.001.md b/generated_pages/techniques/T0061.001.md
deleted file mode 100644
index 1c9fe57..0000000
--- a/generated_pages/techniques/T0061.001.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0061.001: Sell Merchandise
-
-* **Summary**: Selling merchandise refers to the sale of often branded items to the target audience. An influence operation may sell merchandise to raise funds and promote its messaging in the physical information space, for example, by selling t-shirts with operational messaging displayed on the clothing.
-
-* **Belongs to tactic stage**: TA10
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0061.md b/generated_pages/techniques/T0061.md
index c651cbc..038e1e7 100644
--- a/generated_pages/techniques/T0061.md
+++ b/generated_pages/techniques/T0061.md
@@ -2,13 +2,13 @@
**Summary**: Sell mechandise refers to getting the message or narrative into physical space in the offline world while making money
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0062.md b/generated_pages/techniques/T0062.md
deleted file mode 100644
index 50e4bc1..0000000
--- a/generated_pages/techniques/T0062.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# Technique T0062: Email
-
-* **Summary**:
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00047 Honeypot with coordinated inauthentics](../generated_pages/counters/C00047.md) | D05 |
-| [C00090 Fake engagement system](../generated_pages/counters/C00090.md) | D05 |
-| [C00091 Honeypot social community](../generated_pages/counters/C00091.md) | D05 |
-| [C00103 Create a bot that engages / distract trolls](../generated_pages/counters/C00103.md) | D05 |
-| [C00148 Add random links to network graphs](../generated_pages/counters/C00148.md) | D04 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0063.md b/generated_pages/techniques/T0063.md
deleted file mode 100644
index 86aa69e..0000000
--- a/generated_pages/techniques/T0063.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Technique T0063: Trial content
-
-* **Summary**: Iteratively test incident performance (messages, content etc), e.g. A/B test headline/content enagagement metrics; website and/or funding campaign conversion rates
-
-* **Belongs to tactic stage**: TA08
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-| [C00047 Honeypot with coordinated inauthentics](../generated_pages/counters/C00047.md) | D05 |
-| [C00090 Fake engagement system](../generated_pages/counters/C00090.md) | D05 |
-| [C00091 Honeypot social community](../generated_pages/counters/C00091.md) | D05 |
-| [C00103 Create a bot that engages / distract trolls](../generated_pages/counters/C00103.md) | D05 |
-| [C00124 Don't feed the trolls](../generated_pages/counters/C00124.md) | D03 |
-| [C00136 Microtarget most likely targets then send them countermessages](../generated_pages/counters/C00136.md) | D03 |
-| [C00148 Add random links to network graphs](../generated_pages/counters/C00148.md) | D04 |
-| [C00149 Poison the monitoring & evaluation data](../generated_pages/counters/C00149.md) | D04 |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0064.md b/generated_pages/techniques/T0064.md
deleted file mode 100644
index cf2867c..0000000
--- a/generated_pages/techniques/T0064.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0064: Bait legitimate influencers
-
-* **Summary**: Credibility in a social media environment is often a function of the size of a user's network. "Influencers" are so-called because of their reach, typically understood as: 1) the size of their network (i.e. the number of followers, perhaps weighted by their own influence); and 2) The rate at which their comments are re-circulated (these two metrics are related). Add traditional media players at all levels of credibility and professionalism to this, and the number of potential influencial carriers available for unwitting amplification becomes substantial. By targeting high-influence people and organizations in all types of media with narratives and content engineered to appeal their emotional or ideological drivers, influence campaigns are able to add perceived credibility to their messaging via saturation and adoption by trusted agents such as celebrities, journalists and local leaders.
-
-* **Belongs to tactic stage**: TA08
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0065.md b/generated_pages/techniques/T0065.md
index c9a8893..f95a57b 100644
--- a/generated_pages/techniques/T0065.md
+++ b/generated_pages/techniques/T0065.md
@@ -2,13 +2,13 @@
**Summary**: Create or coopt broadcast capabilities (e.g. TV, radio etc).
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0066.md b/generated_pages/techniques/T0066.md
index 84b3b3d..eb9fb4c 100644
--- a/generated_pages/techniques/T0066.md
+++ b/generated_pages/techniques/T0066.md
@@ -2,13 +2,13 @@
**Summary**: Plan to degrade an adversary’s image or ability to act. This could include preparation and use of harmful information about the adversary’s actions or reputation.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0067.md b/generated_pages/techniques/T0067.md
deleted file mode 100644
index 271b632..0000000
--- a/generated_pages/techniques/T0067.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0067: Use fake experts
-
-* **Summary**: Use the fake experts that were set up during Establish Legitimacy. Pseudo-experts are disposable assets that often appear once and then disappear. Give "credility" to misinformation. Take advantage of credential bias
-
-* **Belongs to tactic stage**: TA08
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0068.md b/generated_pages/techniques/T0068.md
index cc0831d..192eb85 100644
--- a/generated_pages/techniques/T0068.md
+++ b/generated_pages/techniques/T0068.md
@@ -2,13 +2,13 @@
**Summary**: Media attention on a story or event is heightened during a breaking news event, where unclear facts and incomplete information increase speculation, rumours, and conspiracy theories, which are all vulnerable to manipulation.
+**Tactic**: TA14 Develop Narratives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA14
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0069.md b/generated_pages/techniques/T0069.md
deleted file mode 100644
index 2e8578b..0000000
--- a/generated_pages/techniques/T0069.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0069: Employ Commercial Analytic Firms
-
-* **Summary**: Commercial analytic firms collect data on target audience activities and evaluate the data to detect trends, such as content receiving high click-rates. An influence operation may employ commercial analytic firms to facilitate external collection on its target audience, complicating attribution efforts and better tailoring the content to audience preferences.
-
-* **Belongs to tactic stage**: TA08
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0070.md b/generated_pages/techniques/T0070.md
deleted file mode 100644
index 74c2aa7..0000000
--- a/generated_pages/techniques/T0070.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0070: Deliver Ads
-
-* **Summary**: Delivering content via any form of paid media or advertising.
-
-* **Belongs to tactic stage**: TA09
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0071.md b/generated_pages/techniques/T0071.md
deleted file mode 100644
index d799eb9..0000000
--- a/generated_pages/techniques/T0071.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0071: Post Content
-
-* **Summary**: Delivering content by posting via owned media (assets that the operator controls).
-
-* **Belongs to tactic stage**: TA09
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0072.001.md b/generated_pages/techniques/T0072.001.md
index 911af74..e6b7fca 100644
--- a/generated_pages/techniques/T0072.001.md
+++ b/generated_pages/techniques/T0072.001.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may target populations in a specific geographic location, such as a region, state, or city. An influence operation may use geographic segmentation to Create Localised Content (see: Establish Legitimacy).
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0072.002.md b/generated_pages/techniques/T0072.002.md
index 37d6bdb..62bbceb 100644
--- a/generated_pages/techniques/T0072.002.md
+++ b/generated_pages/techniques/T0072.002.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may target populations based on demographic segmentation, including age, gender, and income. Demographic segmentation may be useful for influence operations aiming to change state policies that affect a specific population sector. For example, an influence operation attempting to influence Medicare funding in the United States would likely target U.S. voters over 65 years of age.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0072.003.md b/generated_pages/techniques/T0072.003.md
index 23a86e3..bccbd67 100644
--- a/generated_pages/techniques/T0072.003.md
+++ b/generated_pages/techniques/T0072.003.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may target populations based on their income bracket, wealth, or other financial or economic division.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0072.004.md b/generated_pages/techniques/T0072.004.md
index 51a2440..495f98c 100644
--- a/generated_pages/techniques/T0072.004.md
+++ b/generated_pages/techniques/T0072.004.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may target populations based on psychographic segmentation, which uses audience values and decision-making processes. An operation may individually gather psychographic data with its own surveys or collection tools or externally purchase data from social media companies or online surveys, such as personality quizzes.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0072.005.md b/generated_pages/techniques/T0072.005.md
index f284609..b37f78d 100644
--- a/generated_pages/techniques/T0072.005.md
+++ b/generated_pages/techniques/T0072.005.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may target populations based on their political affiliations, especially when aiming to manipulate voting or change policy.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0072.md b/generated_pages/techniques/T0072.md
index 096be08..c919e59 100644
--- a/generated_pages/techniques/T0072.md
+++ b/generated_pages/techniques/T0072.md
@@ -2,13 +2,13 @@
**Summary**: Create audience segmentations by features of interest to the influence campaign, including political affiliation, geographic location, income, demographics, and psychographics.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0073.md b/generated_pages/techniques/T0073.md
index c7a83ef..393ebae 100644
--- a/generated_pages/techniques/T0073.md
+++ b/generated_pages/techniques/T0073.md
@@ -2,13 +2,13 @@
**Summary**: Determining the target audiences (segments of the population) who will receive campaign narratives and artefacts intended to achieve the strategic ends.
+**Tactic**: TA01 Plan Strategy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA01
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0074.001.md b/generated_pages/techniques/T0074.001.md
index 072367b..b9fd24f 100644
--- a/generated_pages/techniques/T0074.001.md
+++ b/generated_pages/techniques/T0074.001.md
@@ -2,13 +2,13 @@
**Summary**: Favourable position on the international stage in terms of great power politics or regional rivalry. Geopolitics plays out in the realms of foreign policy, national security, diplomacy, and intelligence. It involves nation-state governments, heads of state, foreign ministers, intergovernmental organisations, and regional security alliances.
+**Tactic**: TA01 Plan Strategy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA01
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0074.002.md b/generated_pages/techniques/T0074.002.md
index 5704597..b9c7cb4 100644
--- a/generated_pages/techniques/T0074.002.md
+++ b/generated_pages/techniques/T0074.002.md
@@ -2,13 +2,13 @@
**Summary**: Favourable position vis-à-vis national or sub-national political opponents such as political parties, interest groups, politicians, candidates.
+**Tactic**: TA01 Plan Strategy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA01
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0074.003.md b/generated_pages/techniques/T0074.003.md
index b0ded3b..f5b9b42 100644
--- a/generated_pages/techniques/T0074.003.md
+++ b/generated_pages/techniques/T0074.003.md
@@ -2,13 +2,13 @@
**Summary**: Favourable position domestically or internationally in the realms of commerce, trade, finance, industry. Economics involves nation-states, corporations, banks, trade blocs, industry associations, cartels.
+**Tactic**: TA01 Plan Strategy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA01
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0074.004.md b/generated_pages/techniques/T0074.004.md
index 1155fec..6c3c859 100644
--- a/generated_pages/techniques/T0074.004.md
+++ b/generated_pages/techniques/T0074.004.md
@@ -2,13 +2,13 @@
**Summary**: Favourable position domestically or internationally in the market for ideas, beliefs, and world views. Competition plays out among faith systems, political systems, and value systems. It can involve sub-national, national or supra-national movements.
+**Tactic**: TA01 Plan Strategy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA01
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0074.md b/generated_pages/techniques/T0074.md
index 575b529..38ec84e 100644
--- a/generated_pages/techniques/T0074.md
+++ b/generated_pages/techniques/T0074.md
@@ -2,13 +2,13 @@
**Summary**: These are the long-term end-states the campaign aims to bring about. They typically involve an advantageous position vis-a-vis competitors in terms of power or influence. The strategic goal may be to improve or simply to hold one’s position. Competition occurs in the public sphere in the domains of war, diplomacy, politics, economics, and ideology, and can play out between armed groups, nation-states, political parties, corporations, interest groups, or individuals.
+**Tactic**: TA01 Plan Strategy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA01
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0075.001.md b/generated_pages/techniques/T0075.001.md
index 8ed9c2d..1b591ea 100644
--- a/generated_pages/techniques/T0075.001.md
+++ b/generated_pages/techniques/T0075.001.md
@@ -2,13 +2,13 @@
**Summary**: Plan to delegitimize the media landscape and degrade public trust in reporting, by discrediting credible sources. This makes it easier to promote influence operation content.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0075.md b/generated_pages/techniques/T0075.md
index 7634caf..588fdb6 100644
--- a/generated_pages/techniques/T0075.md
+++ b/generated_pages/techniques/T0075.md
@@ -2,13 +2,13 @@
**Summary**: Push back against criticism by dismissing your critics. This might be arguing that the critics use a different standard for you than with other actors or themselves; or arguing that their criticism is biassed.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0076.md b/generated_pages/techniques/T0076.md
index 1293882..2ef15ba 100644
--- a/generated_pages/techniques/T0076.md
+++ b/generated_pages/techniques/T0076.md
@@ -2,13 +2,13 @@
**Summary**: Twist the narrative. Take information, or artefacts like images, and change the framing around them.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0077.md b/generated_pages/techniques/T0077.md
index 412219e..d22059e 100644
--- a/generated_pages/techniques/T0077.md
+++ b/generated_pages/techniques/T0077.md
@@ -2,13 +2,13 @@
**Summary**: Shift attention to a different narrative or actor, for instance by accusing critics of the same activity that they’ve accused you of (e.g. police brutality).
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0078.md b/generated_pages/techniques/T0078.md
index b5785a3..024c26b 100644
--- a/generated_pages/techniques/T0078.md
+++ b/generated_pages/techniques/T0078.md
@@ -2,13 +2,13 @@
**Summary**: Threaten the critic or narrator of events. For instance, threaten journalists or news outlets reporting on a story.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0079.md b/generated_pages/techniques/T0079.md
index 31aa5a9..171ae57 100644
--- a/generated_pages/techniques/T0079.md
+++ b/generated_pages/techniques/T0079.md
@@ -2,13 +2,13 @@
**Summary**: Create conflict between subgroups, to widen divisions in a community
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0080.001.md b/generated_pages/techniques/T0080.001.md
index a3ec32f..79227b7 100644
--- a/generated_pages/techniques/T0080.001.md
+++ b/generated_pages/techniques/T0080.001.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may use social media analytics to determine which factors will increase the operation content’s exposure to its target audience on social media platforms, including views, interactions, and sentiment relating to topics and content types. The social media platform itself or a third-party tool may collect the metrics.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0080.002.md b/generated_pages/techniques/T0080.002.md
index 6afc808..af36364 100644
--- a/generated_pages/techniques/T0080.002.md
+++ b/generated_pages/techniques/T0080.002.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may evaluate its own or third-party media surveys to determine what type of content appeals to its target audience. Media surveys may provide insight into an audience’s political views, social class, general interests, or other indicators used to tailor operation messaging to its target audience.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0080.003.md b/generated_pages/techniques/T0080.003.md
index 1f93b8a..517b824 100644
--- a/generated_pages/techniques/T0080.003.md
+++ b/generated_pages/techniques/T0080.003.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may identify trending hashtags on social media platforms for later use in boosting operation content. A hashtag40 refers to a word or phrase preceded by the hash symbol (#) on social media used to identify messages and posts relating to a specific topic. All public posts that use the same hashtag are aggregated onto a centralised page dedicated to the word or phrase and sorted either chronologically or by popularity.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0080.004.md b/generated_pages/techniques/T0080.004.md
index 20cbd59..70c2ea9 100644
--- a/generated_pages/techniques/T0080.004.md
+++ b/generated_pages/techniques/T0080.004.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may conduct web traffic analysis to determine which search engines, keywords, websites, and advertisements gain the most traction with its target audience.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0080.005.md b/generated_pages/techniques/T0080.005.md
index dcab7a3..b5643bf 100644
--- a/generated_pages/techniques/T0080.005.md
+++ b/generated_pages/techniques/T0080.005.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may survey a target audience’s Internet availability and degree of media freedom to determine which target audience members will have access to operation content and on which platforms. An operation may face more difficulty targeting an information environment with heavy restrictions and media control than an environment with independent media, freedom of speech and of the press, and individual liberties.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0080.md b/generated_pages/techniques/T0080.md
index 2d10857..b6b8e49 100644
--- a/generated_pages/techniques/T0080.md
+++ b/generated_pages/techniques/T0080.md
@@ -2,13 +2,13 @@
**Summary**: Mapping the target audience information environment analyses the information space itself, including social media analytics, web traffic, and media surveys. Mapping the information environment may help the influence operation determine the most realistic and popular information channels to reach its target audience. Mapping the target audience information environment aids influence operations in determining the most vulnerable areas of the information space to target with messaging.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0081.001.md b/generated_pages/techniques/T0081.001.md
index 435deb4..3d692a0 100644
--- a/generated_pages/techniques/T0081.001.md
+++ b/generated_pages/techniques/T0081.001.md
@@ -2,13 +2,13 @@
**Summary**: Find or plan to create areas (social media groups, search term groups, hashtag groups etc) where individuals only engage with people they agree with.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0081.002.md b/generated_pages/techniques/T0081.002.md
index 144cd4c..1e29acb 100644
--- a/generated_pages/techniques/T0081.002.md
+++ b/generated_pages/techniques/T0081.002.md
@@ -2,13 +2,13 @@
**Summary**: A data void refers to a word or phrase that results in little, manipulative, or low-quality search engine data. Data voids are hard to detect and relatively harmless until exploited by an entity aiming to quickly proliferate false or misleading information during a phenomenon that causes a high number of individuals to query the term or phrase. In the Plan phase, an influence operation may identify data voids for later exploitation in the operation. A 2019 report by Michael Golebiewski identifies five types of data voids. (1) “Breaking news” data voids occur when a keyword gains popularity during a short period of time, allowing an influence operation to publish false content before legitimate news outlets have an opportunity to publish relevant information. (2) An influence operation may create a “strategic new terms” data void by creating their own terms and publishing information online before promoting their keyword to the target audience. (3) An influence operation may publish content on “outdated terms” that have decreased in popularity, capitalising on most search engines’ preferences for recency. (4) “Fragmented concepts” data voids separate connections between similar ideas, isolating segment queries to distinct search engine results. (5) An influence operation may use “problematic queries” that previously resulted in disturbing or inappropriate content to promote messaging until mainstream media recontextualizes the term.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0081.003.md b/generated_pages/techniques/T0081.003.md
index 5a31cb2..811769c 100644
--- a/generated_pages/techniques/T0081.003.md
+++ b/generated_pages/techniques/T0081.003.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may exploit existing racial, religious, demographic, or social prejudices to further polarise its target audience from the rest of the public.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0081.004.md b/generated_pages/techniques/T0081.004.md
index 30a3d64..429f82c 100644
--- a/generated_pages/techniques/T0081.004.md
+++ b/generated_pages/techniques/T0081.004.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may identify existing fissures to pit target populations against one another or facilitate a “divide-and-conquer" approach to tailor operation narratives along the divides.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0081.005.md b/generated_pages/techniques/T0081.005.md
index 4eba272..90e0486 100644
--- a/generated_pages/techniques/T0081.005.md
+++ b/generated_pages/techniques/T0081.005.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may assess preexisting conspiracy theories or suspicions in a population to identify existing narratives that support operational objectives.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0081.006.md b/generated_pages/techniques/T0081.006.md
index 75bd080..20d20a2 100644
--- a/generated_pages/techniques/T0081.006.md
+++ b/generated_pages/techniques/T0081.006.md
@@ -2,13 +2,13 @@
**Summary**: A wedge issue is a divisive political issue, usually concerning a social phenomenon, that divides individuals along a defined line. An influence operation may exploit wedge issues by intentionally polarising the public along the wedge issue line and encouraging opposition between factions.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0081.007.md b/generated_pages/techniques/T0081.007.md
index e341e2d..b61c722 100644
--- a/generated_pages/techniques/T0081.007.md
+++ b/generated_pages/techniques/T0081.007.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may identify or create a real or imaginary adversary to centre operation narratives against. A real adversary may include certain politicians or political parties while imaginary adversaries may include falsified “deep state”62 actors that, according to conspiracies, run the state behind public view.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0081.008.md b/generated_pages/techniques/T0081.008.md
index e8d0ee2..259b1e1 100644
--- a/generated_pages/techniques/T0081.008.md
+++ b/generated_pages/techniques/T0081.008.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may exploit existing weaknesses in a target’s media system. These weaknesses may include existing biases among media agencies, vulnerability to false news agencies on social media, or existing distrust of traditional media sources. An existing distrust among the public in the media system’s credibility holds high potential for exploitation by an influence operation when establishing alternative news agencies to spread operation content.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0081.md b/generated_pages/techniques/T0081.md
index 22e76e4..1bc5f97 100644
--- a/generated_pages/techniques/T0081.md
+++ b/generated_pages/techniques/T0081.md
@@ -2,13 +2,13 @@
**Summary**: Identifying social and technical vulnerabilities determines weaknesses within the target audience information environment for later exploitation. Vulnerabilities include decisive political issues, weak cybersecurity infrastructure, search engine data voids, and other technical and non technical weaknesses in the target information environment. Identifying social and technical vulnerabilities facilitates the later exploitation of the identified weaknesses to advance operation objectives.
+**Tactic**: TA13 Target Audience Analysis
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA13
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0082.md b/generated_pages/techniques/T0082.md
index a65b607..2d64fb4 100644
--- a/generated_pages/techniques/T0082.md
+++ b/generated_pages/techniques/T0082.md
@@ -2,13 +2,13 @@
**Summary**: Actors may develop new narratives to further strategic or tactical goals, especially when existing narratives adequately align with the campaign goals. New narratives provide more control in terms of crafting the message to achieve specific goals. However, new narratives may require more effort to disseminate than adapting or adopting existing narratives.
+**Tactic**: TA14 Develop Narratives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA14
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0083.md b/generated_pages/techniques/T0083.md
index 5fdc69d..3adb187 100644
--- a/generated_pages/techniques/T0083.md
+++ b/generated_pages/techniques/T0083.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may seek to exploit the preexisting weaknesses, fears, and enemies of the target audience for integration into the operation’s narratives and overall strategy. Integrating existing vulnerabilities into the operational approach conserves resources by exploiting already weak areas of the target information environment instead of forcing the operation to create new vulnerabilities in the environment.
+**Tactic**: TA14 Develop Narratives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA14
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0084.001.md b/generated_pages/techniques/T0084.001.md
index bb367eb..5582be2 100644
--- a/generated_pages/techniques/T0084.001.md
+++ b/generated_pages/techniques/T0084.001.md
@@ -2,13 +2,13 @@
**Summary**: Copypasta refers to a piece of text that has been copied and pasted multiple times across various online platforms. A copypasta’s final form may differ from its original source text as users add, delete, or otherwise edit the content as they repost the text.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0084.002.md b/generated_pages/techniques/T0084.002.md
index f20b984..d481780 100644
--- a/generated_pages/techniques/T0084.002.md
+++ b/generated_pages/techniques/T0084.002.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may take content from other sources without proper attribution. This content may be either misinformation content shared by others without malicious intent but now leveraged by the campaign as disinformation or disinformation content from other sources.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0084.003.md b/generated_pages/techniques/T0084.003.md
index 66e4069..ff64fa5 100644
--- a/generated_pages/techniques/T0084.003.md
+++ b/generated_pages/techniques/T0084.003.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may take authentic content from other sources and add deceptive labels or deceptively translate the content into other langauges.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0084.004.md b/generated_pages/techniques/T0084.004.md
index 576ffae..41585a3 100644
--- a/generated_pages/techniques/T0084.004.md
+++ b/generated_pages/techniques/T0084.004.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may take content from other sources with proper attribution. This content may be either misinformation content shared by others without malicious intent but now leveraged by the campaign as disinformation or disinformation content from other sources. Examples include the appropriation of content from one inauthentic news site to another inauthentic news site or network in ways that align with the originators licencing or terms of service.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0084.md b/generated_pages/techniques/T0084.md
index df0cf5f..36f949b 100644
--- a/generated_pages/techniques/T0084.md
+++ b/generated_pages/techniques/T0084.md
@@ -2,13 +2,13 @@
**Summary**: When an operation recycles content from its own previous operations or plagiarises from external operations. An operation may launder information to conserve resources that would have otherwise been utilised to develop new content.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0085.001.md b/generated_pages/techniques/T0085.001.md
index b82ad88..2e8f47f 100644
--- a/generated_pages/techniques/T0085.001.md
+++ b/generated_pages/techniques/T0085.001.md
@@ -2,14 +2,14 @@
**Summary**: AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-| [T0085.008 Machine Translated Text](../../generated_pages/techniques/T0085.008.md) | AT00000001 Use this sub-technique when AI has been used to generate a translation of a piece of text. |
+| [T0085.008 Machine Translated Text](../../generated_pages/techniques/T0085.008.md) | Use this sub-technique when AI has been used to generate a translation of a piece of text. |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0085.002.md b/generated_pages/techniques/T0085.002.md
deleted file mode 100644
index 5ade4e1..0000000
--- a/generated_pages/techniques/T0085.002.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0085.002: Develop False or Altered Documents
-
-* **Summary**: Develop False or Altered Documents
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0085.003.md b/generated_pages/techniques/T0085.003.md
index 338408c..1a436ab 100644
--- a/generated_pages/techniques/T0085.003.md
+++ b/generated_pages/techniques/T0085.003.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may develop false or misleading news articles aligned to their campaign goals or narratives.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0085.004.md b/generated_pages/techniques/T0085.004.md
index e2cfdcb..afb1f23 100644
--- a/generated_pages/techniques/T0085.004.md
+++ b/generated_pages/techniques/T0085.004.md
@@ -2,13 +2,13 @@
**Summary**: Produce text in the form of a document.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0085.005.md b/generated_pages/techniques/T0085.005.md
index 00efd1f..1b1a13b 100644
--- a/generated_pages/techniques/T0085.005.md
+++ b/generated_pages/techniques/T0085.005.md
@@ -2,13 +2,13 @@
**Summary**: Produce text content in the form of a book.
This technique covers both e-books and physical books, however, the former is more easily deployed by threat actors given the lower cost to develop.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0085.006.md b/generated_pages/techniques/T0085.006.md
index be09a9a..e2a86a0 100644
--- a/generated_pages/techniques/T0085.006.md
+++ b/generated_pages/techniques/T0085.006.md
@@ -2,13 +2,13 @@
**Summary**: Opinion articles (aka “Op-Eds” or “Editorials”) are articles or regular columns flagged as “opinion” posted to news sources, and can be contributed by people outside the organisation.
Flagging articles as opinions allow news organisations to distinguish them from the typical expectations of objective news reporting while distancing the presented opinion from the organisation or its employees.
The use of this technique is not by itself an indication of malicious or inauthentic content; Op-eds are a common format in media. However, threat actors exploit op-eds to, for example, submit opinion articles to local media to promote their narratives.
Examples from the perspective of a news site involve publishing op-eds from perceived prestigious voices to give legitimacy to an inauthentic publication, or supporting causes by hosting op-eds from actors aligned with the organisation’s goals.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0085.007.md b/generated_pages/techniques/T0085.007.md
index e7ce414..26c554d 100644
--- a/generated_pages/techniques/T0085.007.md
+++ b/generated_pages/techniques/T0085.007.md
@@ -2,13 +2,13 @@
**Summary**: Create fake academic research. Example: fake social science research is often aimed at hot-button social issues such as gender, race and sexuality. Fake science research can target Climate Science debate or pseudoscience like anti-vaxx.
This Technique previously used the ID T0019.001.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0085.008.md b/generated_pages/techniques/T0085.008.md
index b6ed745..c96a267 100644
--- a/generated_pages/techniques/T0085.008.md
+++ b/generated_pages/techniques/T0085.008.md
@@ -2,13 +2,13 @@
**Summary**: Text which has been translated into another language using machine translation tools, such as AI.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0085.md b/generated_pages/techniques/T0085.md
index fa59daf..1167f1f 100644
--- a/generated_pages/techniques/T0085.md
+++ b/generated_pages/techniques/T0085.md
@@ -2,13 +2,13 @@
**Summary**: Creating and editing false or misleading text-based artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0086.001.md b/generated_pages/techniques/T0086.001.md
index d042b95..2276ea3 100644
--- a/generated_pages/techniques/T0086.001.md
+++ b/generated_pages/techniques/T0086.001.md
@@ -2,13 +2,13 @@
**Summary**: Memes are one of the most important single artefact types in all of computational propaganda. Memes in this framework denotes the narrow image-based definition. But that naming is no accident, as these items have most of the important properties of Dawkins' original conception as a self-replicating unit of culture. Memes pull together reference and commentary; image and narrative; emotion and message. Memes are a powerful tool and the heart of modern influence campaigns.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0086.002.md b/generated_pages/techniques/T0086.002.md
index ddf6c50..fb1b0c0 100644
--- a/generated_pages/techniques/T0086.002.md
+++ b/generated_pages/techniques/T0086.002.md
@@ -2,14 +2,14 @@
**Summary**: Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual’s face, body, voice, and physical gestures.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-| [T0145.002 AI-Generated Account Imagery](../../generated_pages/techniques/T0145.002.md) | AT00000002 Analysts should use this sub-technique to document use of AI generated imagery in accounts’ profile pictures or other account imagery. |
+| [T0145.002 AI-Generated Account Imagery](../../generated_pages/techniques/T0145.002.md) | Analysts should use this sub-technique to document use of AI generated imagery in accounts’ profile pictures or other account imagery. |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0086.003.md b/generated_pages/techniques/T0086.003.md
index df5811c..6753b81 100644
--- a/generated_pages/techniques/T0086.003.md
+++ b/generated_pages/techniques/T0086.003.md
@@ -2,13 +2,13 @@
**Summary**: Cheap fakes utilise less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0086.004.md b/generated_pages/techniques/T0086.004.md
index c0f92bd..b1466fc 100644
--- a/generated_pages/techniques/T0086.004.md
+++ b/generated_pages/techniques/T0086.004.md
@@ -2,13 +2,13 @@
**Summary**: Image files that aggregate positive evidence (Joan Donovan)
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0086.md b/generated_pages/techniques/T0086.md
index 935c623..3b1c1e2 100644
--- a/generated_pages/techniques/T0086.md
+++ b/generated_pages/techniques/T0086.md
@@ -2,13 +2,13 @@
**Summary**: Creating and editing false or misleading visual artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include photographing staged real-life situations, repurposing existing digital images, or using image creation and editing technologies.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0087.001.md b/generated_pages/techniques/T0087.001.md
index 5972421..2f1e680 100644
--- a/generated_pages/techniques/T0087.001.md
+++ b/generated_pages/techniques/T0087.001.md
@@ -2,13 +2,13 @@
**Summary**: Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual’s face, body, voice, and physical gestures.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0087.002.md b/generated_pages/techniques/T0087.002.md
index 1f618bc..6e80e27 100644
--- a/generated_pages/techniques/T0087.002.md
+++ b/generated_pages/techniques/T0087.002.md
@@ -2,13 +2,13 @@
**Summary**: Cheap fakes utilise less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0087.md b/generated_pages/techniques/T0087.md
index 9fef8be..23d71c0 100644
--- a/generated_pages/techniques/T0087.md
+++ b/generated_pages/techniques/T0087.md
@@ -2,13 +2,13 @@
**Summary**: Creating and editing false or misleading video artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include staging videos of purportedly real situations, repurposing existing video artefacts, or using AI-generated video creation and editing technologies (including deepfakes).
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0088.001.md b/generated_pages/techniques/T0088.001.md
index ab28f57..dc3cc72 100644
--- a/generated_pages/techniques/T0088.001.md
+++ b/generated_pages/techniques/T0088.001.md
@@ -2,13 +2,13 @@
**Summary**: Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual’s face, body, voice, and physical gestures.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0088.002.md b/generated_pages/techniques/T0088.002.md
index bae024b..f093185 100644
--- a/generated_pages/techniques/T0088.002.md
+++ b/generated_pages/techniques/T0088.002.md
@@ -2,13 +2,13 @@
**Summary**: Cheap fakes utilise less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0088.md b/generated_pages/techniques/T0088.md
index 780101e..db66269 100644
--- a/generated_pages/techniques/T0088.md
+++ b/generated_pages/techniques/T0088.md
@@ -2,13 +2,13 @@
**Summary**: Creating and editing false or misleading audio artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include creating completely new audio content, repurposing existing audio artefacts (including cheap fakes), or using AI-generated audio creation and editing technologies (including deepfakes).
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0089.001.md b/generated_pages/techniques/T0089.001.md
index 5e61e9d..95ff7a2 100644
--- a/generated_pages/techniques/T0089.001.md
+++ b/generated_pages/techniques/T0089.001.md
@@ -2,13 +2,13 @@
**Summary**: Procure authentic documents that are not publicly available, by whatever means -- whether legal or illegal, highly-resourced or less so. These documents can be "leaked" during later stages in the operation.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0089.002.md b/generated_pages/techniques/T0089.002.md
deleted file mode 100644
index 0404b59..0000000
--- a/generated_pages/techniques/T0089.002.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0089.002: Create Inauthentic Documents
-
-* **Summary**: Create inauthentic documents intended to appear as if they are authentic non-public documents. These documents can be "leaked" during later stages in the operation.
-
-* **Belongs to tactic stage**: TA06
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0089.003.md b/generated_pages/techniques/T0089.003.md
index 866169a..3d6b4b5 100644
--- a/generated_pages/techniques/T0089.003.md
+++ b/generated_pages/techniques/T0089.003.md
@@ -2,13 +2,13 @@
**Summary**: Alter authentic documents (public or non-public) to achieve campaign goals. The altered documents are intended to appear as if they are authentic and can be "leaked" during later stages in the operation.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0089.md b/generated_pages/techniques/T0089.md
index b4ec49d..213e77d 100644
--- a/generated_pages/techniques/T0089.md
+++ b/generated_pages/techniques/T0089.md
@@ -2,13 +2,13 @@
**Summary**: Procuring documents that are not publicly available, by whatever means -- whether legal or illegal, highly-resourced or less so. These documents can include authentic non-public documents, authentic non-public documents have been altered, or inauthentic documents intended to appear as if they are authentic non-public documents. All of these types of documents can be "leaked" during later stages in the operation.
+**Tactic**: TA06 Develop Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA06
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0090.001.md b/generated_pages/techniques/T0090.001.md
deleted file mode 100644
index f51f764..0000000
--- a/generated_pages/techniques/T0090.001.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0090.001: Create Anonymous Accounts
-
-* **Summary**: Anonymous accounts or anonymous users refer to users that access network resources without providing a username or password. An influence operation may use anonymous accounts to spread content without direct attribution to the operation.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0090.002.md b/generated_pages/techniques/T0090.002.md
deleted file mode 100644
index f0990a1..0000000
--- a/generated_pages/techniques/T0090.002.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0090.002: Create Cyborg Accounts
-
-* **Summary**: Cyborg accounts refer to partly manned, partly automated social media accounts. Cyborg accounts primarily act as bots, but a human operator periodically takes control of the account to engage with real social media users by responding to comments and posting original content. Influence operations may use cyborg accounts to reduce the amount of direct human input required to maintain a regular account but increase the apparent legitimacy of the cyborg account by occasionally breaking its bot-like behaviour with human interaction.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0090.003.md b/generated_pages/techniques/T0090.003.md
deleted file mode 100644
index 7581efb..0000000
--- a/generated_pages/techniques/T0090.003.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0090.003: Create Bot Accounts
-
-* **Summary**: Bots refer to autonomous internet users that interact with systems or other users while imitating traditional human behaviour. Bots use a variety of tools to stay active without direct human operation, including artificial intelligence and big data analytics. For example, an individual may programme a Twitter bot to retweet a tweet every time it contains a certain keyword or hashtag. An influence operation may use bots to increase its exposure and artificially promote its content across the internet without dedicating additional time or human resources. Amplifier bots promote operation content through reposts, shares, and likes to increase the content’s online popularity. Hacker bots are traditionally covert bots running on computer scripts that rarely engage with users and work primarily as agents of larger cyberattacks, such as a Distributed Denial of Service attacks. Spammer bots are programmed to post content on social media or in comment sections, usually as a supplementary tool. Impersonator bots102 pose as real people by mimicking human behaviour, complicating their detection.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0090.004.md b/generated_pages/techniques/T0090.004.md
deleted file mode 100644
index 3a2b097..0000000
--- a/generated_pages/techniques/T0090.004.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0090.004: Create Sockpuppet Accounts
-
-* **Summary**: Sockpuppet accounts refer to falsified accounts that either promote the influence operation’s own material or attack critics of the material online. Individuals who control sockpuppet accounts also man at least one other user account.67 Sockpuppet accounts help legitimise operation narratives by providing an appearance of external support for the material and discrediting opponents of the operation.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0090.md b/generated_pages/techniques/T0090.md
deleted file mode 100644
index 31b6869..0000000
--- a/generated_pages/techniques/T0090.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0090: Create Inauthentic Accounts
-
-* **Summary**: Inauthentic accounts include bot accounts, cyborg accounts, sockpuppet accounts, and anonymous accounts.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0091.001.md b/generated_pages/techniques/T0091.001.md
index 9e04a7e..f325fb5 100644
--- a/generated_pages/techniques/T0091.001.md
+++ b/generated_pages/techniques/T0091.001.md
@@ -2,13 +2,13 @@
**Summary**: Operators recruit paid contractor to support the campaign.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0091.002.md b/generated_pages/techniques/T0091.002.md
index 803b8ce..4124eef 100644
--- a/generated_pages/techniques/T0091.002.md
+++ b/generated_pages/techniques/T0091.002.md
@@ -2,13 +2,13 @@
**Summary**: Operators recruit partisans (ideologically-aligned individuals) to support the campaign.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0091.003.md b/generated_pages/techniques/T0091.003.md
index 491e95a..055ee15 100644
--- a/generated_pages/techniques/T0091.003.md
+++ b/generated_pages/techniques/T0091.003.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may hire trolls, or human operators of fake accounts that aim to provoke others by posting and amplifying content about controversial issues. Trolls can serve to discredit an influence operation’s opposition or bring attention to the operation’s cause through debate. Classic trolls refer to regular people who troll for personal reasons, such as attention-seeking or boredom. Classic trolls may advance operation narratives by coincidence but are not directly affiliated with any larger operation. Conversely, hybrid trolls act on behalf of another institution, such as a state or financial organisation, and post content with a specific ideological goal. Hybrid trolls may be highly advanced and institutionalised or less organised and work for a single individual.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0091.md b/generated_pages/techniques/T0091.md
index b5082b3..b2e14f2 100644
--- a/generated_pages/techniques/T0091.md
+++ b/generated_pages/techniques/T0091.md
@@ -2,13 +2,13 @@
**Summary**: Operators recruit bad actors paying recruiting, or exerting control over individuals includes trolls, partisans, and contractors.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0092.001.md b/generated_pages/techniques/T0092.001.md
index 5fce354..8a80e62 100644
--- a/generated_pages/techniques/T0092.001.md
+++ b/generated_pages/techniques/T0092.001.md
@@ -2,13 +2,13 @@
**Summary**: Influence operations may establish organisations with legitimate or falsified hierarchies, staff, and content to structure operation assets, provide a sense of legitimacy to the operation, or provide institutional backing to operation activities.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0092.002.md b/generated_pages/techniques/T0092.002.md
index 4a2867e..b0515e5 100644
--- a/generated_pages/techniques/T0092.002.md
+++ b/generated_pages/techniques/T0092.002.md
@@ -2,13 +2,13 @@
**Summary**: A follow train is a group of people who follow each other on a social media platform, often as a way for an individual or campaign to grow its social media following. Follow trains may be a violation of platform Terms of Service. They are also known as follow-for-follow groups.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0092.003.md b/generated_pages/techniques/T0092.003.md
index cbc42bf..a2fafae 100644
--- a/generated_pages/techniques/T0092.003.md
+++ b/generated_pages/techniques/T0092.003.md
@@ -2,13 +2,13 @@
**Summary**: When there is not an existing community or sub-group that meets a campaign's goals, an influence operation may seek to create a community or sub-group.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0092.md b/generated_pages/techniques/T0092.md
index 5d040e2..ea13a5c 100644
--- a/generated_pages/techniques/T0092.md
+++ b/generated_pages/techniques/T0092.md
@@ -2,13 +2,13 @@
**Summary**: Operators build their own network, creating links between accounts -- whether authentic or inauthentic -- in order amplify and promote narratives and artefacts, and encourage further growth of ther network, as well as the ongoing sharing and engagement with operational content.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0093.001.md b/generated_pages/techniques/T0093.001.md
index edf29a9..549bace 100644
--- a/generated_pages/techniques/T0093.001.md
+++ b/generated_pages/techniques/T0093.001.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may fund proxies, or external entities that work for the operation. An operation may recruit/train users with existing sympathies towards the operation’s narratives and/or goals as proxies. Funding proxies serves various purposes including: - Diversifying operation locations to complicate attribution - Reducing the workload for direct operation assets
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0093.002.md b/generated_pages/techniques/T0093.002.md
index 4e5a76a..6bc510f 100644
--- a/generated_pages/techniques/T0093.002.md
+++ b/generated_pages/techniques/T0093.002.md
@@ -2,13 +2,13 @@
**Summary**: A botnet is a group of bots that can function in coordination with each other.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0093.md b/generated_pages/techniques/T0093.md
index 5045a02..eac143c 100644
--- a/generated_pages/techniques/T0093.md
+++ b/generated_pages/techniques/T0093.md
@@ -2,13 +2,13 @@
**Summary**: Operators acquire an existing network by paying, recruiting, or exerting control over the leaders of the existing network.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0094.001.md b/generated_pages/techniques/T0094.001.md
index e0d3b1a..4152562 100644
--- a/generated_pages/techniques/T0094.001.md
+++ b/generated_pages/techniques/T0094.001.md
@@ -2,13 +2,13 @@
**Summary**: When seeking to infiltrate an existing network, an influence operation may identify individuals and groups that might be susceptible to being co-opted or influenced.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0094.002.md b/generated_pages/techniques/T0094.002.md
index 744d7e5..d69ea5a 100644
--- a/generated_pages/techniques/T0094.002.md
+++ b/generated_pages/techniques/T0094.002.md
@@ -2,13 +2,13 @@
**Summary**: Butterfly attacks occur when operators pretend to be members of a certain social group, usually a group that struggles for representation. An influence operation may mimic a group to insert controversial statements into the discourse, encourage the spread of operation content, or promote harassment among group members. Unlike astroturfing, butterfly attacks aim to infiltrate and discredit existing grassroots movements, organisations, and media campaigns.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0094.md b/generated_pages/techniques/T0094.md
index 8fa4117..6be4a56 100644
--- a/generated_pages/techniques/T0094.md
+++ b/generated_pages/techniques/T0094.md
@@ -2,13 +2,13 @@
**Summary**: Operators deceptively insert social assets into existing networks as group members in order to influence the members of the network and the wider information environment that the network impacts.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0095.md b/generated_pages/techniques/T0095.md
index 2d8059e..84e7035 100644
--- a/generated_pages/techniques/T0095.md
+++ b/generated_pages/techniques/T0095.md
@@ -2,13 +2,13 @@
**Summary**: An owned media asset refers to an agency or organisation through which an influence operation may create, develop, and host content and narratives. Owned media assets include websites, blogs, social media pages, forums, and other platforms that facilitate the creation and organisation of content.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0096.001.md b/generated_pages/techniques/T0096.001.md
index ea054bb..40ceecd 100644
--- a/generated_pages/techniques/T0096.001.md
+++ b/generated_pages/techniques/T0096.001.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may create an organisation for creating and amplifying campaign artefacts at scale.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0096.002.md b/generated_pages/techniques/T0096.002.md
index dcc3dd4..eb83c8f 100644
--- a/generated_pages/techniques/T0096.002.md
+++ b/generated_pages/techniques/T0096.002.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may outsource content creation to external companies to avoid attribution, increase the rate of content creation, or improve content quality, i.e., by employing an organisation that can create content in the target audience’s native language. Employed organisations may include marketing companies for tailored advertisements or external content farms for high volumes of targeted media.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0096.md b/generated_pages/techniques/T0096.md
index 1bef03f..6ae2c45 100644
--- a/generated_pages/techniques/T0096.md
+++ b/generated_pages/techniques/T0096.md
@@ -2,13 +2,13 @@
**Summary**: Using the services of large-scale content providers for creating and amplifying campaign artefacts at scale.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.100.md b/generated_pages/techniques/T0097.100.md
index 525214a..1e71fbb 100644
--- a/generated_pages/techniques/T0097.100.md
+++ b/generated_pages/techniques/T0097.100.md
@@ -2,13 +2,13 @@
**Summary**: This sub-technique can be used to indicate that an entity is presenting itself as an individual. If the person is presenting themselves as having one of the personas listed below then these sub-techniques should be used instead, as they indicate both the type of persona they presented and that the entity presented itself as an individual:
T0097.101: Local Persona
T0097.102: Journalist Persona
T0097.103: Activist Persona
T0097.104: Hacktivist Persona
T0097.105: Military Personnel Persona
T0097.106: Recruiter Persona
T0097.107: Researcher Persona
T0097.108: Expert Persona
T0097.109: Romantic Suitor Persona
T0097.110: Party Official Persona
T0097.111: Government Official Persona
T0097.112: Government Employee Persona
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.101.md b/generated_pages/techniques/T0097.101.md
index 7f6e688..954db41 100644
--- a/generated_pages/techniques/T0097.101.md
+++ b/generated_pages/techniques/T0097.101.md
@@ -2,14 +2,14 @@
**Summary**: A person with a local persona presents themselves as living in a particular geography or having local knowledge relevant to a narrative.
While presenting as a local is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as local to a target area. Threat actors can fabricate locals (T0143.002: Fabricated Persona, T0097.101: Local Persona) to add credibility to their narratives, or to misrepresent the real opinions of locals in the area.
People who are legitimate locals (T0143.001: Authentic Persona, T0097.101: Local Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a local to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-| [T0097.201 Local Institution Persona](../../generated_pages/techniques/T0097.201.md) | AT00000003 Analysts should use this sub-technique to catalogue cases where an institution is presenting as a local, such as a local news organisation or local business. |
+| [T0097.201 Local Institution Persona](../../generated_pages/techniques/T0097.201.md) | Analysts should use this sub-technique to catalogue cases where an institution is presenting as a local, such as a local news organisation or local business. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.102.md b/generated_pages/techniques/T0097.102.md
index 0caa226..2a64d41 100644
--- a/generated_pages/techniques/T0097.102.md
+++ b/generated_pages/techniques/T0097.102.md
@@ -1,14 +1,16 @@
# Technique T0097.102: Journalist Persona
-**Summary**: A person with a journalist persona presents themselves as a reporter or journalist delivering news, conducting interviews, investigations etc.
While presenting as a journalist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as journalists. Threat actors can fabricate journalists to give the appearance of legitimacy, justifying the actor’s requests for interviews, etc (T0143.002: Fabricated Persona, T0097.102: Journalist Persona).
People who have legitimately developed a persona as a journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a trusted journalist to provide legitimacy to a false narrative or be tricked into doing so without the journalist’s knowledge.
Associated Techniques and Sub-techniques
T0097.202: News Organisation Persona: People with a journalist persona may present as being part of a news organisation.
T0097.101: Local Persona: People with a journalist persona may present themselves as local reporters.
+**Summary**: A person with a journalist persona presents themselves as a reporter or journalist delivering news, conducting interviews, investigations etc.
While presenting as a journalist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as journalists. Threat actors can fabricate journalists to give the appearance of legitimacy, justifying the actor’s requests for interviews, etc (T0143.002: Fabricated Persona, T0097.102: Journalist Persona).
People who have legitimately developed a persona as a journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a trusted journalist to provide legitimacy to a false narrative or be tricked into doing so without the journalist’s knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.101 Local Persona](../../generated_pages/techniques/T0097.101.md) | People with a journalist persona may present themselves as local reporters. |
+| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | People with a journalist persona may present as being part of a news organisation. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.103.md b/generated_pages/techniques/T0097.103.md
index 607892e..acfa543 100644
--- a/generated_pages/techniques/T0097.103.md
+++ b/generated_pages/techniques/T0097.103.md
@@ -1,14 +1,17 @@
# Technique T0097.103: Activist Persona
-**Summary**: A person with an activist persona presents themselves as an activist; an individual who campaigns for a political cause, organises related events, etc.
While presenting as an activist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as activists. Threat actors can fabricate activists to give the appearance of popular support for an evolving grassroots movement (see T0143.002: Fabricated Persona, T0097.103: Activist Persona).
People who are legitimate activists can use this persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an activist to provide visibility to a false narrative or be tricked into doing so without their knowledge (T0143.001: Authentic Persona, T0097.103: Activist Persona).
Associated Techniques and Sub-techniques
T0097.104: Hacktivist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism who uses technical tools and methods, including building technical infrastructure and conducting offensive cyber operations, to achieve their goals.
T0097.207: NGO Persona: People with an activist persona may present as being part of an NGO.
T0097.208: Social Cause Persona: Analysts should use this sub-technique to catalogue cases where an online account is presenting as posting content related to a particular social cause, while not presenting as an individual.
+**Summary**: A person with an activist persona presents themselves as an activist; an individual who campaigns for a political cause, organises related events, etc.
While presenting as an activist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as activists. Threat actors can fabricate activists to give the appearance of popular support for an evolving grassroots movement (see T0143.002: Fabricated Persona, T0097.103: Activist Persona).
People who are legitimate activists can use this persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an activist to provide visibility to a false narrative or be tricked into doing so without their knowledge (T0143.001: Authentic Persona, T0097.103: Activist Persona).
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.104 Hacktivist Persona](../../generated_pages/techniques/T0097.104.md) | Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism who uses technical tools and methods, including building technical infrastructure and conducting offensive cyber operations, to achieve their goals. |
+| [T0097.207 NGO Persona](../../generated_pages/techniques/T0097.207.md) | People with an activist persona may present as being part of an NGO. |
+| [T0097.208 Social Cause Persona](../../generated_pages/techniques/T0097.208.md) | Analysts should use this sub-technique to catalogue cases where an online account is presenting as posting content related to a particular social cause, while not presenting as an individual. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.104.md b/generated_pages/techniques/T0097.104.md
index d14b65c..7d8ff43 100644
--- a/generated_pages/techniques/T0097.104.md
+++ b/generated_pages/techniques/T0097.104.md
@@ -1,14 +1,15 @@
# Technique T0097.104: Hacktivist Persona
-**Summary**: A person with a hacktivist persona presents themselves as an activist who conducts offensive cyber operations or builds technical infrastructure for political purposes, rather than the financial motivations commonly attributed to hackers; hacktivists are hacker activists who use their technical knowledge to take political action.
Hacktivists can build technical infrastructure to support other activists, including secure communication channels and surveillance and censorship circumvention. They can also conduct DDOS attacks and other offensive cyber operations, aiming to take down digital assets or gain access to proprietary information. An influence operation may use hacktivist personas to support their operational narratives and legitimise their operational activities.
Fabricated Hacktivists are sometimes referred to as “Faketivists”.
Associated Techniques and Sub-techniques
T0097.103: Activist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism but doesn’t present themselves as using technical tools and methods to achieve their goals.
+**Summary**: A person with a hacktivist persona presents themselves as an activist who conducts offensive cyber operations or builds technical infrastructure for political purposes, rather than the financial motivations commonly attributed to hackers; hacktivists are hacker activists who use their technical knowledge to take political action.
Hacktivists can build technical infrastructure to support other activists, including secure communication channels and surveillance and censorship circumvention. They can also conduct DDOS attacks and other offensive cyber operations, aiming to take down digital assets or gain access to proprietary information. An influence operation may use hacktivist personas to support their operational narratives and legitimise their operational activities.
Fabricated Hacktivists are sometimes referred to as “Faketivists”.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.103 Activist Persona](../../generated_pages/techniques/T0097.103.md) | Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism but doesn’t present themselves as using technical tools and methods to achieve their goals. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.105.md b/generated_pages/techniques/T0097.105.md
index 3f1f9d1..18ef424 100644
--- a/generated_pages/techniques/T0097.105.md
+++ b/generated_pages/techniques/T0097.105.md
@@ -2,13 +2,13 @@
**Summary**: A person with a military personnel persona presents themselves as a serving member or veteran of a military organisation operating in an official capacity on behalf of a government.
While presenting as military personnel is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as military personnel. Threat actors can fabricate military personnel (T0143.002: Fabricated Persona, T0097.105: Military Personnel Persona) to pose as experts on military topics, or to discredit geopolitical adversaries by pretending to be one of their military personnel and spreading discontent.
People who have legitimately developed a military persona (T0143.001: Authentic Persona, T0097.105: Military Personnel Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a member of the military to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.106.md b/generated_pages/techniques/T0097.106.md
index 4242ddd..91cc651 100644
--- a/generated_pages/techniques/T0097.106.md
+++ b/generated_pages/techniques/T0097.106.md
@@ -1,14 +1,15 @@
# Technique T0097.106: Recruiter Persona
-**Summary**: A person with a recruiter persona presents themselves as a potential employer or provider of freelance work.
While presenting as a recruiter is not an indication of inauthentic behaviour, threat actors fabricate recruiters (T0143.002: Fabricated Persona, T0097.106: Recruiter Persona) to justify asking for personal information from their targets or to trick targets into working for the threat actors (without revealing who they are).
Associated Techniques and Sub-techniques
T0097.205: Business Persona: People with a recruiter persona may present as being part of a business which they are recruiting for.
+**Summary**: A person with a recruiter persona presents themselves as a potential employer or provider of freelance work.
While presenting as a recruiter is not an indication of inauthentic behaviour, threat actors fabricate recruiters (T0143.002: Fabricated Persona, T0097.106: Recruiter Persona) to justify asking for personal information from their targets or to trick targets into working for the threat actors (without revealing who they are).
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.205 Business Persona](../../generated_pages/techniques/T0097.205.md) | People with a recruiter persona may present as being part of a business which they are recruiting for. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.107.md b/generated_pages/techniques/T0097.107.md
index 7501095..19a2c76 100644
--- a/generated_pages/techniques/T0097.107.md
+++ b/generated_pages/techniques/T0097.107.md
@@ -1,14 +1,16 @@
# Technique T0097.107: Researcher Persona
-**Summary**: A person with a researcher persona presents themselves as conducting research (e.g. for academic institutions, or think tanks), or having previously conducted research.
While presenting as a researcher is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as researchers. Threat actors can fabricate researchers (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate researchers (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a Researcher to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques
T0097.204: Think Tank Persona: People with a researcher persona may present as being part of a think tank.
T0097.108: Expert Persona: People who present as researching a given topic are likely to also present as having expertise in the area.
+**Summary**: A person with a researcher persona presents themselves as conducting research (e.g. for academic institutions, or think tanks), or having previously conducted research.
While presenting as a researcher is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as researchers. Threat actors can fabricate researchers (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate researchers (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a Researcher to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.108 Expert Persona](../../generated_pages/techniques/T0097.108.md) | People who present as researching a given topic are likely to also present as having expertise in the area. |
+| [T0097.204 Think Tank Persona](../../generated_pages/techniques/T0097.204.md) | People with a researcher persona may present as being part of a think tank. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.108.md b/generated_pages/techniques/T0097.108.md
index 186d863..307ed69 100644
--- a/generated_pages/techniques/T0097.108.md
+++ b/generated_pages/techniques/T0097.108.md
@@ -1,14 +1,16 @@
# Technique T0097.108: Expert Persona
-**Summary**: A person with an expert persona presents themselves as having expertise or experience in a field. Commonly the persona’s expertise will be called upon to add credibility to a given narrative.
While presenting as an expert is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as experts. Threat actors can fabricate experts (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate experts (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can make mistakes, use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an expert to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques
T0097.107: Researcher Persona: People who present as experts may also present as conducting or having conducted research into their specialist subject.
T0097.204: Think Tank Persona: People with an expert persona may present as being part of a think tank.
+**Summary**: A person with an expert persona presents themselves as having expertise or experience in a field. Commonly the persona’s expertise will be called upon to add credibility to a given narrative.
While presenting as an expert is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as experts. Threat actors can fabricate experts (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate experts (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can make mistakes, use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an expert to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.107 Researcher Persona](../../generated_pages/techniques/T0097.107.md) | People who present as experts may also present as conducting or having conducted research into their specialist subject. |
+| [T0097.204 Think Tank Persona](../../generated_pages/techniques/T0097.204.md) | People with an expert persona may present as being part of a think tank. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.109.md b/generated_pages/techniques/T0097.109.md
index c6dd588..0f8a4db 100644
--- a/generated_pages/techniques/T0097.109.md
+++ b/generated_pages/techniques/T0097.109.md
@@ -1,14 +1,15 @@
# Technique T0097.109: Romantic Suitor Persona
-**Summary**: A person with a romantic suitor persona presents themselves as seeking a romantic or physical connection with another person.
While presenting as seeking a romantic or physical connection is not an indication of inauthentic behaviour, threat actors can use dating apps, social media channels or dating websites to fabricate romantic suitors to lure targets they can blackmail, extract information from, deceive or trick into giving them money (T0143.002: Fabricated Persona, T0097.109: Romantic Suitor Persona).
Honeypotting in espionage and Big Butchering in scamming are commonly associated with romantic suitor personas.
Associated Techniques and Sub-techniques
T0151.017: Dating Platform: Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform.
+**Summary**: A person with a romantic suitor persona presents themselves as seeking a romantic or physical connection with another person.
While presenting as seeking a romantic or physical connection is not an indication of inauthentic behaviour, threat actors can use dating apps, social media channels or dating websites to fabricate romantic suitors to lure targets they can blackmail, extract information from, deceive or trick into giving them money (T0143.002: Fabricated Persona, T0097.109: Romantic Suitor Persona).
Honeypotting in espionage and Big Butchering in scamming are commonly associated with romantic suitor personas.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0151.017 Dating Platform](../../generated_pages/techniques/T0151.017.md) | Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.110.md b/generated_pages/techniques/T0097.110.md
index 62501fc..7e1a84f 100644
--- a/generated_pages/techniques/T0097.110.md
+++ b/generated_pages/techniques/T0097.110.md
@@ -1,14 +1,15 @@
# Technique T0097.110: Party Official Persona
-**Summary**: A person who presents as an official member of a political party, such as leaders of political parties, candidates standing to represent constituents, and campaign staff.
Presenting as an official of a political party is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in political parties to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.110: Party Official Persona). They may also impersonate existing officials of political parties (T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Legitimate members of political parties could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.110: Party Official Persona). For example, an electoral candidate could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques
T0097.111: Government Official Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a government.
Some party officials will also be government officials. For example, in the United Kingdom the head of government is commonly also the head of their political party.
Some party officials won’t be government officials. For example, members of a party standing in an election, or party officials who work outside of government (e.g. campaign staff).
+**Summary**: A person who presents as an official member of a political party, such as leaders of political parties, candidates standing to represent constituents, and campaign staff.
Presenting as an official of a political party is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in political parties to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.110: Party Official Persona). They may also impersonate existing officials of political parties (T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Legitimate members of political parties could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.110: Party Official Persona). For example, an electoral candidate could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.111 Government Official Persona](../../generated_pages/techniques/T0097.111.md) | Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a government.
Some party officials will also be government officials. For example, in the United Kingdom the head of government is commonly also the head of their political party.
Some party officials won’t be government officials. For example, members of a party standing in an election, or party officials who work outside of government (e.g. campaign staff). |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.111.md b/generated_pages/techniques/T0097.111.md
index da587a8..746811f 100644
--- a/generated_pages/techniques/T0097.111.md
+++ b/generated_pages/techniques/T0097.111.md
@@ -1,14 +1,17 @@
# Technique T0097.111: Government Official Persona
-**Summary**: A person who presents as an active or previous government official has the government official persona. These are officials serving in government, such as heads of government departments, leaders of countries, and members of government selected to represent constituents.
Presenting as a government official is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.111: Government Official Persona). They may also impersonate existing members of government (T0143.003: Impersonated Persona, T0097.111: Government Official Persona).
Legitimate government officials could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.111: Government Official Persona). For example, a government official could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques
T0097.110: Party Official Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a political party.
Not all government officials are political party officials (such as outside experts brought into government) and not all political party officials are government officials (such as people standing for office who are not yet working in government).
T0097.206: Government Institution Persona: People presenting as members of a government may also represent a government institution which they are associated with.
T0097.112: Government Employee Persona: Analysts should use this sub-technique to document people presenting as professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments).
+**Summary**: A person who presents as an active or previous government official has the government official persona. These are officials serving in government, such as heads of government departments, leaders of countries, and members of government selected to represent constituents.
Presenting as a government official is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.111: Government Official Persona). They may also impersonate existing members of government (T0143.003: Impersonated Persona, T0097.111: Government Official Persona).
Legitimate government officials could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.111: Government Official Persona). For example, a government official could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.110 Party Official Persona](../../generated_pages/techniques/T0097.110.md) | Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a political party.
Not all government officials are political party officials (such as outside experts brought into government) and not all political party officials are government officials (such as people standing for office who are not yet working in government). |
+| [T0097.112 Government Employee Persona](../../generated_pages/techniques/T0097.112.md) | Analysts should use this sub-technique to document people presenting as professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments). |
+| [T0097.206 Government Institution Persona](../../generated_pages/techniques/T0097.206.md) | People presenting as members of a government may also represent a government institution which they are associated with. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.112.md b/generated_pages/techniques/T0097.112.md
index e263ec7..0fd30f2 100644
--- a/generated_pages/techniques/T0097.112.md
+++ b/generated_pages/techniques/T0097.112.md
@@ -1,14 +1,16 @@
# Technique T0097.112: Government Employee Persona
-**Summary**: A person who presents as an active or previous civil servant has the government employee persona. These are professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments).
Presenting as a government employee is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.112: Government Employee Persona). They may also impersonate existing government employees (T0143.003: Impersonated Persona, T0097.112: Government Employee Persona).
Legitimate government employees could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.112: Government Employee Persona). For example, a government employee could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques
T0097.111: Government Official Persona: Analysts should use this technique to document people who present as an active or previous government official, such as heads of government departments, leaders of countries, and members of government selected to represent constituents.
T0097.206: Government Institution Persona: People presenting as members of a government may also present a government institution which they are associated with.
+**Summary**: A person who presents as an active or previous civil servant has the government employee persona. These are professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments).
Presenting as a government employee is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.112: Government Employee Persona). They may also impersonate existing government employees (T0143.003: Impersonated Persona, T0097.112: Government Employee Persona).
Legitimate government employees could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.112: Government Employee Persona). For example, a government employee could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.111 Government Official Persona](../../generated_pages/techniques/T0097.111.md) | Analysts should use this technique to document people who present as an active or previous government official, such as heads of government departments, leaders of countries, and members of government selected to represent constituents. |
+| [T0097.206 Government Institution Persona](../../generated_pages/techniques/T0097.206.md) | People presenting as members of a government may also present a government institution which they are associated with. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.200.md b/generated_pages/techniques/T0097.200.md
index 1e1c1f6..64cdebe 100644
--- a/generated_pages/techniques/T0097.200.md
+++ b/generated_pages/techniques/T0097.200.md
@@ -2,13 +2,13 @@
**Summary**: This Technique can be used to indicate that an entity is presenting itself as an institution. If the organisation is presenting itself as having one of the personas listed below then these Techniques should be used instead, as they indicate both that the entity presented itself as an institution, and the type of persona they presented:
T0097.201: Local Institution Persona
T0097.202: News Outlet Persona
T0097.203: Fact Checking Organisation Persona
T0097.204: Think Tank Persona
T0097.205: Business Persona
T0097.206: Government Institution Persona
T0097.207: NGO Persona
T0097.208: Social Cause Persona
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.201.md b/generated_pages/techniques/T0097.201.md
index 4c92dd7..2630bdb 100644
--- a/generated_pages/techniques/T0097.201.md
+++ b/generated_pages/techniques/T0097.201.md
@@ -1,14 +1,15 @@
# Technique T0097.201: Local Institution Persona
-**Summary**: Institutions which present themselves as operating in a particular geography, or as having local knowledge relevant to a narrative, are presenting a local institution persona.
While presenting as a local institution is not an indication of inauthentic behaviour, threat actors may present themselves as such (T0143.002: Fabricated Persona, T0097.201: Local Institution Persona) to add credibility to their narratives, or misrepresent the real opinions of locals in the area.
Legitimate local institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.201: Local Institution Persona). For example, a local institution could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques
T0097.101: Local Persona: Institutions presenting as local may also present locals working within the organisation.
+**Summary**: Institutions which present themselves as operating in a particular geography, or as having local knowledge relevant to a narrative, are presenting a local institution persona.
While presenting as a local institution is not an indication of inauthentic behaviour, threat actors may present themselves as such (T0143.002: Fabricated Persona, T0097.201: Local Institution Persona) to add credibility to their narratives, or misrepresent the real opinions of locals in the area.
Legitimate local institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.201: Local Institution Persona). For example, a local institution could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.101 Local Persona](../../generated_pages/techniques/T0097.101.md) | Institutions presenting as local may also present locals working within the organisation. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.202.md b/generated_pages/techniques/T0097.202.md
index c7d8457..3f2eef7 100644
--- a/generated_pages/techniques/T0097.202.md
+++ b/generated_pages/techniques/T0097.202.md
@@ -1,14 +1,17 @@
# Technique T0097.202: News Outlet Persona
-**Summary**: An institution with a news outlet persona presents itself as an organisation which delivers new information to its target audience.
While presenting as a news outlet is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by news organisations. Threat actors can fabricate news organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing news outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate news organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
Associated Techniques and Sub-techniques T0097.102: Journalist Persona: Institutions presenting as news outlets may also present journalists working within the organisation.
T0097.201: Local Institution Persona: Institutions presenting as news outlets may present as being a local news outlet.
T0097.203: Fact Checking Organisation Persona: Institutions presenting as news outlets may also deliver a fact checking service (e.g. The UK’s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona.
+**Summary**: An institution with a news outlet persona presents itself as an organisation which delivers new information to its target audience.
While presenting as a news outlet is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by news organisations. Threat actors can fabricate news organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing news outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate news organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.102 Journalist Persona](../../generated_pages/techniques/T0097.102.md) | Institutions presenting as news outlets may also present journalists working within the organisation. |
+| [T0097.201 Local Institution Persona](../../generated_pages/techniques/T0097.201.md) | Institutions presenting as news outlets may present as being a local news outlet. |
+| [T0097.203 Fact Checking Organisation Persona](../../generated_pages/techniques/T0097.203.md) | Institutions presenting as news outlets may also deliver a fact checking service (e.g. The UK’s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.203.md b/generated_pages/techniques/T0097.203.md
index bd84339..053fe3e 100644
--- a/generated_pages/techniques/T0097.203.md
+++ b/generated_pages/techniques/T0097.203.md
@@ -1,14 +1,16 @@
# Technique T0097.203: Fact Checking Organisation Persona
-**Summary**: An institution with a fact checking organisation persona presents itself as an organisation which produces reports which assess the validity of others’ reporting / statements.
While presenting as a fact checking organisation is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by fact checking organisations. Threat actors can fabricate fact checking organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing fact checking outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate fact checking organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
Associated Techniques and Sub-techniques T0097.102: Journalist Persona: Institutions presenting as fact checking organisations may also present journalists working within the organisation.
T0097.202: News Outlet Persona: Fact checking organisations may present as operating as part of a larger news outlet (e.g. The UK’s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona.
+**Summary**: An institution with a fact checking organisation persona presents itself as an organisation which produces reports which assess the validity of others’ reporting / statements.
While presenting as a fact checking organisation is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by fact checking organisations. Threat actors can fabricate fact checking organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing fact checking outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate fact checking organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.102 Journalist Persona](../../generated_pages/techniques/T0097.102.md) | Institutions presenting as fact checking organisations may also present journalists working within the organisation. |
+| [T0097.202 News Outlet Persona](../../generated_pages/techniques/T0097.202.md) | act checking organisations may present as operating as part of a larger news outlet (e.g. The UK’s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.204.md b/generated_pages/techniques/T0097.204.md
index e5c4524..08527f1 100644
--- a/generated_pages/techniques/T0097.204.md
+++ b/generated_pages/techniques/T0097.204.md
@@ -1,14 +1,15 @@
# Technique T0097.204: Think Tank Persona
-**Summary**: An institution with a think tank persona presents itself as a think tank; an organisation that aims to conduct original research and propose new policies or solutions, especially for social and scientific problems.
While presenting as a think tank is not an indication of inauthentic behaviour, think tank personas are commonly used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.204: Think Tank Persona). They may be created to give legitimacy to narratives and allow them to suggest politically beneficial solutions to societal issues.
Legitimate think tanks could have a political bias that they may not be transparent about, they could use their persona for malicious purposes, or they could be exploited by threat actors (T0143.001: Authentic Persona, T0097.204: Think Tank Persona). For example, a think tank could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques
T0097.107: Researcher Persona: Institutions presenting as think tanks may also present researchers working within the organisation.
+**Summary**: An institution with a think tank persona presents itself as a think tank; an organisation that aims to conduct original research and propose new policies or solutions, especially for social and scientific problems.
While presenting as a think tank is not an indication of inauthentic behaviour, think tank personas are commonly used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.204: Think Tank Persona). They may be created to give legitimacy to narratives and allow them to suggest politically beneficial solutions to societal issues.
Legitimate think tanks could have a political bias that they may not be transparent about, they could use their persona for malicious purposes, or they could be exploited by threat actors (T0143.001: Authentic Persona, T0097.204: Think Tank Persona). For example, a think tank could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.107 Researcher Persona](../../generated_pages/techniques/T0097.107.md) | Institutions presenting as think tanks may also present researchers working within the organisation. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.205.md b/generated_pages/techniques/T0097.205.md
index 05f834d..61be0fc 100644
--- a/generated_pages/techniques/T0097.205.md
+++ b/generated_pages/techniques/T0097.205.md
@@ -2,13 +2,13 @@
**Summary**: An institution with a business persona presents itself as a for-profit organisation which provides goods or services for a price.
While presenting as a business is not an indication of inauthentic behaviour, business personas may be used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.205: Business Persona).
Threat actors may also impersonate existing businesses (T0143.003: Impersonated Persona, T0097.205: Business Persona) to exploit their brand or cause reputational damage.
Legitimate businesses could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.205: Business Persona). For example, a business could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.206.md b/generated_pages/techniques/T0097.206.md
index bbd7d7f..7c87f12 100644
--- a/generated_pages/techniques/T0097.206.md
+++ b/generated_pages/techniques/T0097.206.md
@@ -1,14 +1,16 @@
# Technique T0097.206: Government Institution Persona
-**Summary**: Institutions which present themselves as governments, or government ministries, are presenting a government institution persona.
While presenting as a government institution is not an indication of inauthentic behaviour, threat actors may impersonate existing government institutions as part of their operation (T0143.003: Impersonated Persona, T0097.206: Government Institution Persona), to add legitimacy to their narratives, or discredit the government.
Legitimate government institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.206: Government Institution Persona). For example, a government institution could be used by elected officials to spread inauthentic narratives.
Associated Techniques and Sub-techniques
T0097.111: Government Official Persona: Institutions presenting as governments may also present officials working within the organisation.
T0097.112: Government Employee Persona: Institutions presenting as governments may also present employees working within the organisation.
+**Summary**: Institutions which present themselves as governments, or government ministries, are presenting a government institution persona.
While presenting as a government institution is not an indication of inauthentic behaviour, threat actors may impersonate existing government institutions as part of their operation (T0143.003: Impersonated Persona, T0097.206: Government Institution Persona), to add legitimacy to their narratives, or discredit the government.
Legitimate government institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.206: Government Institution Persona). For example, a government institution could be used by elected officials to spread inauthentic narratives.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.111 Government Official Persona](../../generated_pages/techniques/T0097.111.md) | Institutions presenting as governments may also present officials working within the organisation. |
+| [T0097.112 Government Employee Persona](../../generated_pages/techniques/T0097.112.md) | Institutions presenting as governments may also present employees working within the organisation. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.207.md b/generated_pages/techniques/T0097.207.md
index 20a7b6e..821cddf 100644
--- a/generated_pages/techniques/T0097.207.md
+++ b/generated_pages/techniques/T0097.207.md
@@ -1,14 +1,15 @@
# Technique T0097.207: NGO Persona
-**Summary**: Institutions which present themselves as an NGO (Non-Governmental Organisation), an organisation which provides services or advocates for public policy (while not being directly affiliated with any government), are presenting an NGO persona.
While presenting as an NGO is not an indication of inauthentic behaviour, NGO personas are commonly used by threat actors (such as intelligence services) as a front for their operational activity (T0143.002: Fabricated Persona, T0097.207: NGO Persona). They are created to give legitimacy to the influence operation and potentially infiltrate grassroots movements
Legitimate NGOs could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.207: NGO Persona). For example, an NGO could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques:
T0097.103: Activist Persona: Institutions presenting as activist groups may also present activists working within the organisation.
+**Summary**: Institutions which present themselves as an NGO (Non-Governmental Organisation), an organisation which provides services or advocates for public policy (while not being directly affiliated with any government), are presenting an NGO persona.
While presenting as an NGO is not an indication of inauthentic behaviour, NGO personas are commonly used by threat actors (such as intelligence services) as a front for their operational activity (T0143.002: Fabricated Persona, T0097.207: NGO Persona). They are created to give legitimacy to the influence operation and potentially infiltrate grassroots movements
Legitimate NGOs could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.207: NGO Persona). For example, an NGO could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.103 Activist Persona](../../generated_pages/techniques/T0097.103.md) | Institutions presenting as activist groups may also present activists working within the organisation. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.208.md b/generated_pages/techniques/T0097.208.md
index b536f10..20d3261 100644
--- a/generated_pages/techniques/T0097.208.md
+++ b/generated_pages/techniques/T0097.208.md
@@ -1,14 +1,15 @@
# Technique T0097.208: Social Cause Persona
-**Summary**: Online accounts which present themselves as focusing on a social cause are presenting the Social Cause Persona. Examples include accounts which post about current affairs, such as discrimination faced by minorities.
While presenting as an account invested in a social cause is not an indication of inauthentic behaviour, such personas have been used by threat actors to exploit peoples’ legitimate emotional investment regarding social causes that matter to them (T0143.002: Fabricated Persona, T0097.208: Social Cause Persona).
Legitimate accounts focused on a social cause could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.208: Social Cause Persona). For example, the account holders could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques:
T0097.103: Activist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as an activist related to a social cause. Accounts with social cause personas do not present themselves as individuals, but may have activists controlling the accounts.
+**Summary**: Online accounts which present themselves as focusing on a social cause are presenting the Social Cause Persona. Examples include accounts which post about current affairs, such as discrimination faced by minorities.
While presenting as an account invested in a social cause is not an indication of inauthentic behaviour, such personas have been used by threat actors to exploit peoples’ legitimate emotional investment regarding social causes that matter to them (T0143.002: Fabricated Persona, T0097.208: Social Cause Persona).
Legitimate accounts focused on a social cause could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.208: Social Cause Persona). For example, the account holders could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.103 Activist Persona](../../generated_pages/techniques/T0097.103.md) | Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as an activist related to a social cause. Accounts with social cause personas do not present themselves as individuals, but may have activists controlling the accounts. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0097.md b/generated_pages/techniques/T0097.md
index b8205bc..3e3d9d8 100644
--- a/generated_pages/techniques/T0097.md
+++ b/generated_pages/techniques/T0097.md
@@ -2,13 +2,13 @@
**Summary**: This Technique contains different types of personas commonly taken on by threat actors during influence operations.
Analysts should use T0097’s sub-techniques to document the type of persona which an account is presenting. For example, an account which describes itself as being a journalist can be tagged with T0097.102: Journalist Persona.
Personas presented by individuals include:
T0097.100: Individual Persona
T0097.101: Local Persona
T0097.102: Journalist Persona
T0097.103: Activist Persona
T0097.104: Hacktivist Persona
T0097.105: Military Personnel Persona
T0097.106: Recruiter Persona
T0097.107: Researcher Persona
T0097.108: Expert Persona
T0097.109: Romantic Suitor Persona
T0097.110: Party Official Persona
T0097.111: Government Official Persona
T0097.112: Government Employee Persona
This Technique also houses institutional personas commonly taken on by threat actors:
T0097.200: Institutional Persona
T0097.201: Local Institution Persona
T0097.202: News Outlet Persona
T0097.203: Fact Checking Organisation Persona
T0097.204: Think Tank Persona
T0097.205: Business Persona
T0097.206: Government Institution Persona
T0097.207: NGO Persona
T0097.208: Social Cause Persona
By using a persona, a threat actor is adding the perceived legitimacy of the persona to their narratives and activities.
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0098.001.md b/generated_pages/techniques/T0098.001.md
index 77d34e4..807e47e 100644
--- a/generated_pages/techniques/T0098.001.md
+++ b/generated_pages/techniques/T0098.001.md
@@ -2,13 +2,13 @@
**Summary**: Create Inauthentic News Sites
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0098.002.md b/generated_pages/techniques/T0098.002.md
index a6f80e5..52deb74 100644
--- a/generated_pages/techniques/T0098.002.md
+++ b/generated_pages/techniques/T0098.002.md
@@ -2,13 +2,13 @@
**Summary**: Leverage Existing Inauthentic News Sites
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0098.md b/generated_pages/techniques/T0098.md
index 489eb6d..f6974d8 100644
--- a/generated_pages/techniques/T0098.md
+++ b/generated_pages/techniques/T0098.md
@@ -2,13 +2,13 @@
**Summary**: Modern computational propaganda makes use of a cadre of imposter news sites spreading globally. These sites, sometimes motivated by concerns other than propaganda--for instance, click-based revenue--often have some superficial markers of authenticity, such as naming and site-design. But many can be quickly exposed with reference to their owenership, reporting history and adverstising details.
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0099.001.md b/generated_pages/techniques/T0099.001.md
deleted file mode 100644
index 8d1e688..0000000
--- a/generated_pages/techniques/T0099.001.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0099.001: Astroturfing
-
-* **Summary**: Astroturfing occurs when an influence operation disguises itself as grassroots movement or organisation that supports operation narratives. Unlike butterfly attacks, astroturfing aims to increase the appearance of popular support for the operation cause and does not infiltrate existing groups to discredit their objectives.
-
-* **Belongs to tactic stage**: TA16
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0099.md b/generated_pages/techniques/T0099.md
deleted file mode 100644
index 8584dc6..0000000
--- a/generated_pages/techniques/T0099.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Technique T0099: Impersonate Existing Entity
-
-* **Summary**: An influence operation may prepare assets impersonating existing entities (both organisations and people) to further conceal its network identity and add a layer of legitimacy to its operation content. Existing entities may include authentic news outlets, public figures, organisations, or state entities.
-
-Users will more likely believe and less likely fact-check news from recognisable sources rather than unknown sites.
-
-An influence operation may use a wide variety of cyber techniques to impersonate a legitimate entity’s website or social media account.
-
-This Technique was previously called Prepare Assets Impersonating Legitimate Entities.
-
-* **Belongs to tactic stage**: TA16
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0100.001.md b/generated_pages/techniques/T0100.001.md
index f6ff8a8..3045317 100644
--- a/generated_pages/techniques/T0100.001.md
+++ b/generated_pages/techniques/T0100.001.md
@@ -2,13 +2,13 @@
**Summary**: Co-Opt Trusted Individuals
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0100.002.md b/generated_pages/techniques/T0100.002.md
index aaf4291..d191a1a 100644
--- a/generated_pages/techniques/T0100.002.md
+++ b/generated_pages/techniques/T0100.002.md
@@ -2,13 +2,13 @@
**Summary**: Co-Opt Grassroots Groups
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0100.003.md b/generated_pages/techniques/T0100.003.md
index dc079c8..ff9899e 100644
--- a/generated_pages/techniques/T0100.003.md
+++ b/generated_pages/techniques/T0100.003.md
@@ -2,13 +2,13 @@
**Summary**: Co-opt Influencers
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0100.md b/generated_pages/techniques/T0100.md
index b608e5e..ecffc5b 100644
--- a/generated_pages/techniques/T0100.md
+++ b/generated_pages/techniques/T0100.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may co-opt trusted sources by infiltrating or repurposing a source to reach a target audience through existing, previously reliable networks. Co-opted trusted sources may include: - National or local new outlets - Research or academic publications - Online blogs or websites
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0101.md b/generated_pages/techniques/T0101.md
index bc238b4..9d20adf 100644
--- a/generated_pages/techniques/T0101.md
+++ b/generated_pages/techniques/T0101.md
@@ -2,13 +2,13 @@
**Summary**: Localised content refers to content that appeals to a specific community of individuals, often in defined geographic areas. An operation may create localised content using local language and dialects to resonate with its target audience and blend in with other local news and social media. Localised content may help an operation increase legitimacy, avoid detection, and complicate external attribution.
+**Tactic**: TA05 Microtarget
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA05
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0102.001.md b/generated_pages/techniques/T0102.001.md
index 307eebd..17f504a 100644
--- a/generated_pages/techniques/T0102.001.md
+++ b/generated_pages/techniques/T0102.001.md
@@ -2,13 +2,13 @@
**Summary**: Use existing Echo Chambers/Filter Bubbles
+**Tactic**: TA05 Microtarget
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA05
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0102.002.md b/generated_pages/techniques/T0102.002.md
index ebaf6d9..dc5537c 100644
--- a/generated_pages/techniques/T0102.002.md
+++ b/generated_pages/techniques/T0102.002.md
@@ -2,13 +2,13 @@
**Summary**: Create Echo Chambers/Filter Bubbles
+**Tactic**: TA05 Microtarget
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA05
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0102.003.md b/generated_pages/techniques/T0102.003.md
index 2bb19e5..d224bb3 100644
--- a/generated_pages/techniques/T0102.003.md
+++ b/generated_pages/techniques/T0102.003.md
@@ -2,13 +2,13 @@
**Summary**: A data void refers to a word or phrase that results in little, manipulative, or low-quality search engine data. Data voids are hard to detect and relatively harmless until exploited by an entity aiming to quickly proliferate false or misleading information during a phenomenon that causes a high number of individuals to query the term or phrase. In the Plan phase, an influence operation may identify data voids for later exploitation in the operation. A 2019 report by Michael Golebiewski identifies five types of data voids. (1) “Breaking news” data voids occur when a keyword gains popularity during a short period of time, allowing an influence operation to publish false content before legitimate news outlets have an opportunity to publish relevant information. (2) An influence operation may create a “strategic new terms” data void by creating their own terms and publishing information online before promoting their keyword to the target audience. (3) An influence operation may publish content on “outdated terms” that have decreased in popularity, capitalising on most search engines’ preferences for recency. (4) “Fragmented concepts” data voids separate connections between similar ideas, isolating segment queries to distinct search engine results. (5) An influence operation may use “problematic queries” that previously resulted in disturbing or inappropriate content to promote messaging until mainstream media recontextualizes the term.
+**Tactic**: TA05 Microtarget
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA05
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0102.md b/generated_pages/techniques/T0102.md
index 488e79c..2272982 100644
--- a/generated_pages/techniques/T0102.md
+++ b/generated_pages/techniques/T0102.md
@@ -2,13 +2,13 @@
**Summary**: An echo chamber refers to an internet subgroup, often along ideological lines, where individuals only engage with “others with which they are already in agreement.” A filter bubble refers to an algorithm's placement of an individual in content that they agree with or regularly engage with, possibly entrapping the user into a bubble of their own making. An operation may create these isolated areas of the internet by match existing groups, or aggregating individuals into a single target audience based on shared interests, politics, values, demographics, and other characteristics. Echo chambers and filter bubbles help to reinforce similar biases and content to the same target audience members.
+**Tactic**: TA05 Microtarget
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA05
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0103.001.md b/generated_pages/techniques/T0103.001.md
deleted file mode 100644
index ed4c765..0000000
--- a/generated_pages/techniques/T0103.001.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0103.001: Video Livestream
-
-* **Summary**: A video livestream refers to an online video broadcast capability that allows for real-time communication to closed or open networks.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0103.002.md b/generated_pages/techniques/T0103.002.md
deleted file mode 100644
index f80ba5c..0000000
--- a/generated_pages/techniques/T0103.002.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0103.002: Audio Livestream
-
-* **Summary**: An audio livestream refers to an online audio broadcast capability that allows for real-time communication to closed or open networks.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0103.md b/generated_pages/techniques/T0103.md
deleted file mode 100644
index 9927eb6..0000000
--- a/generated_pages/techniques/T0103.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0103: Livestream
-
-* **Summary**: A livestream refers to an online broadcast capability that allows for real-time communication to closed or open networks.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0104.001.md b/generated_pages/techniques/T0104.001.md
deleted file mode 100644
index a318b57..0000000
--- a/generated_pages/techniques/T0104.001.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0104.001: Mainstream Social Networks
-
-* **Summary**: Examples include Facebook, Twitter, LinkedIn, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0104.002.md b/generated_pages/techniques/T0104.002.md
deleted file mode 100644
index ff080b3..0000000
--- a/generated_pages/techniques/T0104.002.md
+++ /dev/null
@@ -1,18 +0,0 @@
-# Technique T0104.002: Dating App
-
-* **Summary**: “Dating App” refers to any platform (or platform feature) in which the ostensive purpose is for users to develop a physical/romantic relationship with other users.
Threat Actors can exploit users’ quest for love to trick them into doing things like revealing sensitive information or giving them money.
Examples include Tinder, Bumble, Grindr, Facebook Dating, Tantan, Badoo, Plenty of Fish, hinge, LOVOO, OkCupid, happn, and Mamba.
Associated Techniques and Sub-techniques
T0097.109: Romantic Suitor Persona: Analysts can use this sub-technique for tagging cases where an account presents itself as seeking a romantic or physical connection with another person.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00064 Tinder nightmares: the promise and peril of political bots](../../generated_pages/incidents/I00064.md) | _"In the days leading up to the UK’s [2017] general election, youths looking for love online encountered a whole new kind of Tinder nightmare. A group of young activists built a Tinder chatbot to co-opt profiles and persuade swing voters to support Labour. The bot accounts sent 30,000-40,000 messages to targeted 18-25 year olds in battleground constituencies like Dudley North, which Labour ended up winning by only 22 votes._
_"Tinder is a dating app where users swipe right to indicate attraction and interest in a potential partner. If both people swipe right on each other’s profile, a dialogue box becomes available for them to privately chat. After meeting their crowdfunding goal of only £500, the team built a tool which took over and operated the accounts of recruited Tinder-users. By upgrading the profiles to Tinder Premium, the team was able to place bots in any contested constituency across the UK. Once planted, the bots swiped right on all users in the attempt to get the largest number of matches and inquire into their voting intentions."_
This incident matches T0104.002: Dating App, as users of Tinder were targeted in an attempt to persuade users to vote for a particular party in the upcoming election, rather than for the purpose of connecting those who were authentically interested in dating each other. |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0104.003.md b/generated_pages/techniques/T0104.003.md
deleted file mode 100644
index 697f47e..0000000
--- a/generated_pages/techniques/T0104.003.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0104.003: Private/Closed Social Networks
-
-* **Summary**: Social networks that are not open to people outside of family, friends, neighbours, or co-workers. Non-work-related examples include Couple, FamilyWall, 23snaps, and Nextdoor. Some of the larger social network platforms enable closed communities: examples are Instagram Close Friends and Twitter (X) Circle. Work-related examples of private social networks include LinkedIn, Facebook Workplace, and enterprise communication platforms such as Slack or Microsoft Teams.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0104.004.md b/generated_pages/techniques/T0104.004.md
deleted file mode 100644
index ba6184a..0000000
--- a/generated_pages/techniques/T0104.004.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0104.004: Interest-Based Networks
-
-* **Summary**: Examples include smaller and niche networks including Gettr, Truth Social, Parler, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0104.005.md b/generated_pages/techniques/T0104.005.md
deleted file mode 100644
index 112b197..0000000
--- a/generated_pages/techniques/T0104.005.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0104.005: Use Hashtags
-
-* **Summary**: Use a dedicated, existing hashtag for the campaign/incident.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0104.006.md b/generated_pages/techniques/T0104.006.md
deleted file mode 100644
index 01a9856..0000000
--- a/generated_pages/techniques/T0104.006.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0104.006: Create Dedicated Hashtag
-
-* **Summary**: Create a campaign/incident specific hashtag.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0104.md b/generated_pages/techniques/T0104.md
deleted file mode 100644
index fe1d82b..0000000
--- a/generated_pages/techniques/T0104.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0104: Social Networks
-
-* **Summary**: Social media are interactive digital channels that facilitate the creation and sharing of information, ideas, interests, and other forms of expression through virtual communities and networks.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0105.001.md b/generated_pages/techniques/T0105.001.md
deleted file mode 100644
index 9e522bd..0000000
--- a/generated_pages/techniques/T0105.001.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0105.001: Photo Sharing
-
-* **Summary**: Examples include Instagram, Snapchat, Flickr, etc
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0105.002.md b/generated_pages/techniques/T0105.002.md
deleted file mode 100644
index e9c7ceb..0000000
--- a/generated_pages/techniques/T0105.002.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0105.002: Video Sharing
-
-* **Summary**: Examples include Youtube, TikTok, ShareChat, Rumble, etc
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0105.003.md b/generated_pages/techniques/T0105.003.md
deleted file mode 100644
index 9f376f9..0000000
--- a/generated_pages/techniques/T0105.003.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0105.003: Audio Sharing
-
-* **Summary**: Examples include podcasting apps, Soundcloud, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0105.md b/generated_pages/techniques/T0105.md
deleted file mode 100644
index 4ed2984..0000000
--- a/generated_pages/techniques/T0105.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0105: Media Sharing Networks
-
-* **Summary**: Media sharing networks refer to services whose primary function is the hosting and sharing of specific forms of media. Examples include Instagram, Snapchat, TikTok, Youtube, SoundCloud.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0106.001.md b/generated_pages/techniques/T0106.001.md
deleted file mode 100644
index cfaa985..0000000
--- a/generated_pages/techniques/T0106.001.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0106.001: Anonymous Message Boards
-
-* **Summary**: Examples include the Chans
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0106.md b/generated_pages/techniques/T0106.md
deleted file mode 100644
index c92ea84..0000000
--- a/generated_pages/techniques/T0106.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0106: Discussion Forums
-
-* **Summary**: Platforms for finding, discussing, and sharing information and opinions. Examples include Reddit, Quora, Digg, message boards, interest-based discussion forums, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0107.md b/generated_pages/techniques/T0107.md
index 87ebeef..1cca96f 100644
--- a/generated_pages/techniques/T0107.md
+++ b/generated_pages/techniques/T0107.md
@@ -2,13 +2,13 @@
**Summary**: Platforms for searching, sharing, and curating content and media. Examples include Pinterest, Flipboard, etc.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0108.md b/generated_pages/techniques/T0108.md
deleted file mode 100644
index 679b708..0000000
--- a/generated_pages/techniques/T0108.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0108: Blogging and Publishing Networks
-
-* **Summary**: Examples include WordPress, Blogger, Weebly, Tumblr, Medium, etc.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0109.md b/generated_pages/techniques/T0109.md
index 9cefe33..909982c 100644
--- a/generated_pages/techniques/T0109.md
+++ b/generated_pages/techniques/T0109.md
@@ -2,13 +2,13 @@
**Summary**: Platforms for finding, reviewing, and sharing information about brands, products, services, restaurants, travel destinations, etc. Examples include Yelp, TripAdvisor, etc.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0110.md b/generated_pages/techniques/T0110.md
index 3a5f602..e661206 100644
--- a/generated_pages/techniques/T0110.md
+++ b/generated_pages/techniques/T0110.md
@@ -2,13 +2,13 @@
**Summary**: Leveraging formal, traditional, diplomatic channels to communicate with foreign governments (written documents, meetings, summits, diplomatic visits, etc). This type of diplomacy is conducted by diplomats of one nation with diplomats and other officials of another nation or international organisation.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0111.001.md b/generated_pages/techniques/T0111.001.md
index 4313c4b..fec9f4c 100644
--- a/generated_pages/techniques/T0111.001.md
+++ b/generated_pages/techniques/T0111.001.md
@@ -2,13 +2,13 @@
**Summary**: TV
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0111.002.md b/generated_pages/techniques/T0111.002.md
index b746f61..b5265c1 100644
--- a/generated_pages/techniques/T0111.002.md
+++ b/generated_pages/techniques/T0111.002.md
@@ -2,13 +2,13 @@
**Summary**: Newspaper
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0111.003.md b/generated_pages/techniques/T0111.003.md
index b68d0b4..3798be6 100644
--- a/generated_pages/techniques/T0111.003.md
+++ b/generated_pages/techniques/T0111.003.md
@@ -2,13 +2,13 @@
**Summary**: Radio
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0111.md b/generated_pages/techniques/T0111.md
index 1622901..d979371 100644
--- a/generated_pages/techniques/T0111.md
+++ b/generated_pages/techniques/T0111.md
@@ -2,13 +2,13 @@
**Summary**: Examples include TV, Newspaper, Radio, etc.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0112.md b/generated_pages/techniques/T0112.md
deleted file mode 100644
index 30d18ab..0000000
--- a/generated_pages/techniques/T0112.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0112: Email
-
-* **Summary**: Delivering content and narratives via email. This can include using list management or high-value individually targeted messaging.
-
-* **Belongs to tactic stage**: TA07
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0113.md b/generated_pages/techniques/T0113.md
index 29f1b7c..56a5032 100644
--- a/generated_pages/techniques/T0113.md
+++ b/generated_pages/techniques/T0113.md
@@ -2,13 +2,13 @@
**Summary**: Commercial analytic firms collect data on target audience activities and evaluate the data to detect trends, such as content receiving high click-rates. An influence operation may employ commercial analytic firms to facilitate external collection on its target audience, complicating attribution efforts and better tailoring the content to audience preferences.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0114.001.md b/generated_pages/techniques/T0114.001.md
index a882b0a..ca73142 100644
--- a/generated_pages/techniques/T0114.001.md
+++ b/generated_pages/techniques/T0114.001.md
@@ -2,13 +2,13 @@
**Summary**: Social Media
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0114.002.md b/generated_pages/techniques/T0114.002.md
index d168c59..305121a 100644
--- a/generated_pages/techniques/T0114.002.md
+++ b/generated_pages/techniques/T0114.002.md
@@ -2,13 +2,13 @@
**Summary**: Examples include TV, Radio, Newspaper, billboards
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0114.md b/generated_pages/techniques/T0114.md
index 7cfeaa2..b630bad 100644
--- a/generated_pages/techniques/T0114.md
+++ b/generated_pages/techniques/T0114.md
@@ -2,13 +2,13 @@
**Summary**: Delivering content via any form of paid media or advertising.
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0115.001.md b/generated_pages/techniques/T0115.001.md
index 9d28738..7d4e570 100644
--- a/generated_pages/techniques/T0115.001.md
+++ b/generated_pages/techniques/T0115.001.md
@@ -2,13 +2,13 @@
**Summary**: Memes are one of the most important single artefact types in all of computational propaganda. Memes in this framework denotes the narrow image-based definition. But that naming is no accident, as these items have most of the important properties of Dawkins' original conception as a self-replicating unit of culture. Memes pull together reference and commentary; image and narrative; emotion and message. Memes are a powerful tool and the heart of modern influence campaigns.
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0115.002.md b/generated_pages/techniques/T0115.002.md
index 63b5e05..d804182 100644
--- a/generated_pages/techniques/T0115.002.md
+++ b/generated_pages/techniques/T0115.002.md
@@ -2,13 +2,13 @@
**Summary**: Post Violative Content to Provoke Takedown and Backlash.
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0115.003.md b/generated_pages/techniques/T0115.003.md
index f4d70f6..0bfe8c0 100644
--- a/generated_pages/techniques/T0115.003.md
+++ b/generated_pages/techniques/T0115.003.md
@@ -2,13 +2,13 @@
**Summary**: Direct posting refers to a method of posting content via a one-way messaging service, where the recipient cannot directly respond to the poster’s messaging. An influence operation may post directly to promote operation narratives to the target audience without allowing opportunities for fact-checking or disagreement, creating a false sense of support for the narrative.
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0115.md b/generated_pages/techniques/T0115.md
index 8db7cbb..fbad643 100644
--- a/generated_pages/techniques/T0115.md
+++ b/generated_pages/techniques/T0115.md
@@ -2,13 +2,13 @@
**Summary**: Delivering content by posting via owned media (assets that the operator controls).
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0116.001.md b/generated_pages/techniques/T0116.001.md
index 123cbc2..4e64fa5 100644
--- a/generated_pages/techniques/T0116.001.md
+++ b/generated_pages/techniques/T0116.001.md
@@ -2,13 +2,13 @@
**Summary**: Use government-paid social media commenters, astroturfers, chat bots (programmed to reply to specific key words/hashtags) influence online conversations, product reviews, web-site comment forums.
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0116.md b/generated_pages/techniques/T0116.md
index 6c9c876..00f2959 100644
--- a/generated_pages/techniques/T0116.md
+++ b/generated_pages/techniques/T0116.md
@@ -2,13 +2,13 @@
**Summary**: Delivering content by replying or commenting via owned media (assets that the operator controls).
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0117.md b/generated_pages/techniques/T0117.md
index e4c8c34..3b7eaf9 100644
--- a/generated_pages/techniques/T0117.md
+++ b/generated_pages/techniques/T0117.md
@@ -2,13 +2,13 @@
**Summary**: Deliver content by attracting the attention of traditional media (earned media).
+**Tactic**: TA09 Deliver Content
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA09
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0118.md b/generated_pages/techniques/T0118.md
index ecd7eb5..e75aa5c 100644
--- a/generated_pages/techniques/T0118.md
+++ b/generated_pages/techniques/T0118.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may amplify existing narratives that align with its narratives to support operation objectives.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0119.001.md b/generated_pages/techniques/T0119.001.md
index 76e1a2c..ccf365b 100644
--- a/generated_pages/techniques/T0119.001.md
+++ b/generated_pages/techniques/T0119.001.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may post content across groups to spread narratives and content to new communities within the target audiences or to new target audiences.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0119.002.md b/generated_pages/techniques/T0119.002.md
index 5d6c8b0..24d39da 100644
--- a/generated_pages/techniques/T0119.002.md
+++ b/generated_pages/techniques/T0119.002.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may post content across platforms to spread narratives and content to new communities within the target audiences or to new target audiences. Posting across platforms can also remove opposition and context, helping the narrative spread with less opposition on the cross-posted platform.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0119.003.md b/generated_pages/techniques/T0119.003.md
index cfc6589..5ac6c81 100644
--- a/generated_pages/techniques/T0119.003.md
+++ b/generated_pages/techniques/T0119.003.md
@@ -2,13 +2,13 @@
**Summary**: Post Across Disciplines
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0119.md b/generated_pages/techniques/T0119.md
index 9a5d5d4..c1a3d06 100644
--- a/generated_pages/techniques/T0119.md
+++ b/generated_pages/techniques/T0119.md
@@ -2,13 +2,13 @@
**Summary**: Cross-posting refers to posting the same message to multiple internet discussions, social media platforms or accounts, or news groups at one time. An influence operation may post content online in multiple communities and platforms to increase the chances of content exposure to the target audience.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0120.001.md b/generated_pages/techniques/T0120.001.md
index 7fae38f..d302a81 100644
--- a/generated_pages/techniques/T0120.001.md
+++ b/generated_pages/techniques/T0120.001.md
@@ -2,13 +2,13 @@
**Summary**: Use Affiliate Marketing Programmes
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0120.002.md b/generated_pages/techniques/T0120.002.md
index 01b1d90..bfe276e 100644
--- a/generated_pages/techniques/T0120.002.md
+++ b/generated_pages/techniques/T0120.002.md
@@ -2,13 +2,13 @@
**Summary**: Use Contests and Prizes
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0120.md b/generated_pages/techniques/T0120.md
index a2e44e7..ac3dfa6 100644
--- a/generated_pages/techniques/T0120.md
+++ b/generated_pages/techniques/T0120.md
@@ -2,13 +2,13 @@
**Summary**: Incentivizing content sharing refers to actions that encourage users to share content themselves, reducing the need for the operation itself to post and promote its own content.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0121.001.md b/generated_pages/techniques/T0121.001.md
index 5c94a10..1a743ae 100644
--- a/generated_pages/techniques/T0121.001.md
+++ b/generated_pages/techniques/T0121.001.md
@@ -2,13 +2,13 @@
**Summary**: Bypassing content blocking refers to actions taken to circumvent network security measures that prevent users from accessing certain servers, resources, or other online spheres. An influence operation may bypass content blocking to proliferate its content on restricted areas of the internet. Common strategies for bypassing content blocking include: - Altering IP addresses to avoid IP filtering - Using a Virtual Private Network (VPN) to avoid IP filtering - Using a Content Delivery Network (CDN) to avoid IP filtering - Enabling encryption to bypass packet inspection blocking - Manipulating text to avoid filtering by keywords - Posting content on multiple platforms to avoid platform-specific removals - Using local facilities or modified DNS servers to avoid DNS filtering
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0121.md b/generated_pages/techniques/T0121.md
index 20aa9f7..f27ae1f 100644
--- a/generated_pages/techniques/T0121.md
+++ b/generated_pages/techniques/T0121.md
@@ -2,13 +2,13 @@
**Summary**: Manipulating a platform algorithm refers to conducting activity on a platform in a way that intentionally targets its underlying algorithm. After analysing a platform’s algorithm (see: Select Platforms), an influence operation may use a platform in a way that increases its content exposure, avoids content removal, or otherwise benefits the operation’s strategy. For example, an influence operation may use bots to amplify its posts so that the platform’s algorithm recognises engagement with operation content and further promotes the content on user timelines.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0122.md b/generated_pages/techniques/T0122.md
index 905289e..4b0d69b 100644
--- a/generated_pages/techniques/T0122.md
+++ b/generated_pages/techniques/T0122.md
@@ -2,13 +2,13 @@
**Summary**: Direct users to alternative platforms refers to encouraging users to move from the platform on which they initially viewed operation content and engage with content on alternate information channels, including separate social media channels and inauthentic websites. An operation may drive users to alternative platforms to diversify its information channels and ensure the target audience knows where to access operation content if the initial platform suspends, flags, or otherwise removes original operation assets and content.
+**Tactic**: TA17 Maximise Exposure
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA17
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0123.001.md b/generated_pages/techniques/T0123.001.md
index ae96e21..5c6e2da 100644
--- a/generated_pages/techniques/T0123.001.md
+++ b/generated_pages/techniques/T0123.001.md
@@ -2,13 +2,13 @@
**Summary**: Deleting opposing content refers to the removal of content that conflicts with operational narratives from selected platforms. An influence operation may delete opposing content to censor contradictory information from the target audience, allowing operation narratives to take priority in the information space.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0123.002.md b/generated_pages/techniques/T0123.002.md
index a1a74a1..6d11497 100644
--- a/generated_pages/techniques/T0123.002.md
+++ b/generated_pages/techniques/T0123.002.md
@@ -2,13 +2,13 @@
**Summary**: Content blocking refers to actions taken to restrict internet access or render certain areas of the internet inaccessible. An influence operation may restrict content based on both network and content attributes.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0123.003.md b/generated_pages/techniques/T0123.003.md
index 54784ad..1821b71 100644
--- a/generated_pages/techniques/T0123.003.md
+++ b/generated_pages/techniques/T0123.003.md
@@ -2,13 +2,13 @@
**Summary**: Destroying information generation capabilities refers to actions taken to limit, degrade, or otherwise incapacitate an actor’s ability to generate conflicting information. An influence operation may destroy an actor’s information generation capabilities by physically dismantling the information infrastructure, disconnecting resources needed for information generation, or redirecting information generation personnel. An operation may destroy an adversary’s information generation capabilities to limit conflicting content exposure to the target audience and crowd the information space with its own narratives.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0123.004.md b/generated_pages/techniques/T0123.004.md
index 8e1514f..89a2413 100644
--- a/generated_pages/techniques/T0123.004.md
+++ b/generated_pages/techniques/T0123.004.md
@@ -2,13 +2,13 @@
**Summary**: A server redirect, also known as a URL redirect, occurs when a server automatically forwards a user from one URL to another using server-side or client-side scripting languages. An influence operation may conduct a server redirect to divert target audience members from one website to another without their knowledge. The redirected website may pose as a legitimate source, host malware, or otherwise aid operation objectives.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0123.md b/generated_pages/techniques/T0123.md
index 71829bf..14729d4 100644
--- a/generated_pages/techniques/T0123.md
+++ b/generated_pages/techniques/T0123.md
@@ -2,13 +2,13 @@
**Summary**: Controlling the information environment through offensive cyberspace operations uses cyber tools and techniques to alter the trajectory of content in the information space to either prioritise operation messaging or block opposition messaging.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0124.001.md b/generated_pages/techniques/T0124.001.md
index 67f73e1..6aaac30 100644
--- a/generated_pages/techniques/T0124.001.md
+++ b/generated_pages/techniques/T0124.001.md
@@ -2,13 +2,13 @@
**Summary**: Reporting opposing content refers to notifying and providing an instance of a violation of a platform’s guidelines and policies for conduct on the platform. In addition to simply reporting the content, an operation may leverage copyright regulations to trick social media and web platforms into removing opposing content by manipulating the content to appear in violation of copyright laws. Reporting opposing content facilitates the suppression of contradictory information and allows operation narratives to take priority in the information space.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0124.002.md b/generated_pages/techniques/T0124.002.md
index c3a964d..b639d4f 100644
--- a/generated_pages/techniques/T0124.002.md
+++ b/generated_pages/techniques/T0124.002.md
@@ -2,13 +2,13 @@
**Summary**: Goad people into actions that violate terms of service or will lead to having their content or accounts taken down.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0124.003.md b/generated_pages/techniques/T0124.003.md
index f7f00d7..caf5065 100644
--- a/generated_pages/techniques/T0124.003.md
+++ b/generated_pages/techniques/T0124.003.md
@@ -2,13 +2,13 @@
**Summary**: Exploit Platform TOS/Content Moderation
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0124.md b/generated_pages/techniques/T0124.md
index 5d02fc6..8755083 100644
--- a/generated_pages/techniques/T0124.md
+++ b/generated_pages/techniques/T0124.md
@@ -2,13 +2,13 @@
**Summary**: Operators can suppress the opposition by exploiting platform content moderation tools and processes like reporting non-violative content to platforms for takedown and goading opposition actors into taking actions that result in platform action or target audience disapproval.
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0125.md b/generated_pages/techniques/T0125.md
index 14b3f60..6582a65 100644
--- a/generated_pages/techniques/T0125.md
+++ b/generated_pages/techniques/T0125.md
@@ -2,13 +2,13 @@
**Summary**: Platform filtering refers to the decontextualization of information as claims cross platforms (from Joan Donovan https://www.hks.harvard.edu/publications/disinformation-design-use-evidence-collages-and-platform-filtering-media-manipulation)
+**Tactic**: TA18 Drive Online Harms
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA18
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0126.001.md b/generated_pages/techniques/T0126.001.md
index 261c91d..7dc7885 100644
--- a/generated_pages/techniques/T0126.001.md
+++ b/generated_pages/techniques/T0126.001.md
@@ -2,13 +2,13 @@
**Summary**: Call to action to attend an event
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0126.002.md b/generated_pages/techniques/T0126.002.md
index 1fa8e05..d17f810 100644
--- a/generated_pages/techniques/T0126.002.md
+++ b/generated_pages/techniques/T0126.002.md
@@ -2,13 +2,13 @@
**Summary**: Facilitate logistics or support for travel, food, housing, etc.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0126.md b/generated_pages/techniques/T0126.md
index b3f51ba..2d26a46 100644
--- a/generated_pages/techniques/T0126.md
+++ b/generated_pages/techniques/T0126.md
@@ -2,13 +2,13 @@
**Summary**: Operation encourages attendance at existing real world event.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0127.001.md b/generated_pages/techniques/T0127.001.md
index d835d80..ede653f 100644
--- a/generated_pages/techniques/T0127.001.md
+++ b/generated_pages/techniques/T0127.001.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may directly Conduct Physical Violence to achieve campaign goals.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0127.002.md b/generated_pages/techniques/T0127.002.md
index c873b5d..1e94ad8 100644
--- a/generated_pages/techniques/T0127.002.md
+++ b/generated_pages/techniques/T0127.002.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may Encourage others to engage in Physical Violence to achieve campaign goals.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0127.md b/generated_pages/techniques/T0127.md
index e963251..3f777a4 100644
--- a/generated_pages/techniques/T0127.md
+++ b/generated_pages/techniques/T0127.md
@@ -2,13 +2,13 @@
**Summary**: Physical violence refers to the use of force to injure, abuse, damage, or destroy. An influence operation may conduct or encourage physical violence to discourage opponents from promoting conflicting content or draw attention to operation narratives using shock value.
+**Tactic**: TA10 Drive Offline Activity
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA10
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0128.001.md b/generated_pages/techniques/T0128.001.md
index fc2c590..7c8d7dd 100644
--- a/generated_pages/techniques/T0128.001.md
+++ b/generated_pages/techniques/T0128.001.md
@@ -2,13 +2,13 @@
**Summary**: An operation may use pseudonyms, or fake names, to mask the identity of operational accounts, channels, pages etc., publish anonymous content, or otherwise use falsified personas to conceal the identity of the operation. An operation may coordinate pseudonyms across multiple platforms, for example, by writing an article under a pseudonym and then posting a link to the article on social media on an account, channel, or page with the same falsified name.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0128.002.md b/generated_pages/techniques/T0128.002.md
index d51222a..e1f0d32 100644
--- a/generated_pages/techniques/T0128.002.md
+++ b/generated_pages/techniques/T0128.002.md
@@ -2,13 +2,13 @@
**Summary**: Concealing network identity aims to hide the existence an influence operation’s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organisation.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0128.003.md b/generated_pages/techniques/T0128.003.md
index aa8d0c2..eb039b5 100644
--- a/generated_pages/techniques/T0128.003.md
+++ b/generated_pages/techniques/T0128.003.md
@@ -2,13 +2,13 @@
**Summary**: Distancing reputable individuals from the operation occurs when enlisted individuals, such as celebrities or subject matter experts, actively disengage themselves from operation activities and messaging. Individuals may distance themselves from the operation by deleting old posts or statements, unfollowing operation information assets, or otherwise detaching themselves from the operation’s timeline. An influence operation may want reputable individuals to distance themselves from the operation to reduce operation exposure, particularly if the operation aims to remove all evidence.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0128.004.md b/generated_pages/techniques/T0128.004.md
index d63c7a4..c9ef33a 100644
--- a/generated_pages/techniques/T0128.004.md
+++ b/generated_pages/techniques/T0128.004.md
@@ -2,13 +2,13 @@
**Summary**: Laundering occurs when an influence operation acquires control of previously legitimate information assets such as accounts, channels, pages etc. from third parties through sale or exchange and often in contravention of terms of use. Influence operations use laundered assets to reach target audience members from within an existing information community and to complicate attribution.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0128.005.md b/generated_pages/techniques/T0128.005.md
index bdea498..ba55ffb 100644
--- a/generated_pages/techniques/T0128.005.md
+++ b/generated_pages/techniques/T0128.005.md
@@ -2,13 +2,13 @@
**Summary**: Changing names or brand names of information assets such as accounts, channels, pages etc. An operation may change the names or brand names of its assets throughout an operation to avoid detection or alter the names of newly acquired or repurposed assets to fit operational narratives.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0128.md b/generated_pages/techniques/T0128.md
index 6efad17..3f4ca59 100644
--- a/generated_pages/techniques/T0128.md
+++ b/generated_pages/techniques/T0128.md
@@ -2,13 +2,13 @@
**Summary**: Conceal the identity or provenance of campaign information assets such as accounts, channels, pages etc. to avoid takedown and attribution.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.001.md b/generated_pages/techniques/T0129.001.md
index ff57150..a81cd9f 100644
--- a/generated_pages/techniques/T0129.001.md
+++ b/generated_pages/techniques/T0129.001.md
@@ -2,13 +2,13 @@
**Summary**: Concealing network identity aims to hide the existence an influence operation’s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organisation.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.002.md b/generated_pages/techniques/T0129.002.md
index 767650a..98376a8 100644
--- a/generated_pages/techniques/T0129.002.md
+++ b/generated_pages/techniques/T0129.002.md
@@ -2,13 +2,13 @@
**Summary**: An influence operation may mix its own operation content with legitimate news or external unrelated content to disguise operational objectives, narratives, or existence. For example, an operation may generate "lifestyle" or "cuisine" content alongside regular operation content.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.003.md b/generated_pages/techniques/T0129.003.md
index e21dfaf..dc283e4 100644
--- a/generated_pages/techniques/T0129.003.md
+++ b/generated_pages/techniques/T0129.003.md
@@ -2,13 +2,13 @@
**Summary**: Breaking association with content occurs when an influence operation actively separates itself from its own content. An influence operation may break association with content by unfollowing, unliking, or unsharing its content, removing attribution from its content, or otherwise taking actions that distance the operation from its messaging. An influence operation may break association with its content to complicate attribution or regain credibility for a new operation.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.004.md b/generated_pages/techniques/T0129.004.md
index f5a786a..5bba55d 100644
--- a/generated_pages/techniques/T0129.004.md
+++ b/generated_pages/techniques/T0129.004.md
@@ -2,13 +2,13 @@
**Summary**: URL deletion occurs when an influence operation completely removes its website registration, rendering the URL inaccessible. An influence operation may delete its URLs to complicate attribution or remove online documentation that the operation ever occurred.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.005.md b/generated_pages/techniques/T0129.005.md
index 4160eb9..246eefd 100644
--- a/generated_pages/techniques/T0129.005.md
+++ b/generated_pages/techniques/T0129.005.md
@@ -2,13 +2,13 @@
**Summary**: Coordinate on encrypted/ closed networks
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.006.md b/generated_pages/techniques/T0129.006.md
index dedc1c7..795c846 100644
--- a/generated_pages/techniques/T0129.006.md
+++ b/generated_pages/techniques/T0129.006.md
@@ -2,13 +2,13 @@
**Summary**: Without "smoking gun" proof (and even with proof), incident creator can or will deny involvement. This technique also leverages the attacker advantages outlined in "Demand insurmountable proof", specifically the asymmetric disadvantage for truth-tellers in a "firehose of misinformation" environment.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.007.md b/generated_pages/techniques/T0129.007.md
index 5c2d0c6..05ba34f 100644
--- a/generated_pages/techniques/T0129.007.md
+++ b/generated_pages/techniques/T0129.007.md
@@ -2,13 +2,13 @@
**Summary**: Deleting accounts and account activity occurs when an influence operation removes its online social media assets, including social media accounts, posts, likes, comments, and other online artefacts. An influence operation may delete its accounts and account activity to complicate attribution or remove online documentation that the operation ever occurred.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.008.md b/generated_pages/techniques/T0129.008.md
deleted file mode 100644
index 75e5d30..0000000
--- a/generated_pages/techniques/T0129.008.md
+++ /dev/null
@@ -1,18 +0,0 @@
-# Technique T0129.008: Redirect URLs
-
-* **Summary**: An influence operation may redirect its falsified or typosquatted URLs to legitimate websites to increase the operation's appearance of legitimacy, complicate attribution, and avoid detection.
-
-* **Belongs to tactic stage**: TA11
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00072 Behind the Dutch Terror Threat Video: The St. Petersburg "Troll Factory" Connection](../../generated_pages/incidents/I00072.md) | “The creator of Geopolitika[.]ru is Aleksandr Dugin, who was sanctioned by the United States Department of Treasury in 2015 for his role in the Eurasian Youth Union “for being responsible for or complicit in actions or policies that threaten the peace, security, stability, or sovereignty or territorial integrity of Ukraine.”
[...]
“Currently, the website geopolika[.]ru redirects directly to another partner website, Katehon.
“Katehon poses itself as a think tank focused on geopolitics in an English edition of its website. In contrast, in Russian, it states its aim to develop “ideological, political, diplomatic, economic and military strategy for Russia of the future” with a special role of religion. The president of Katehon’s supervisory board is Konstantin Malofeev, a Russian millionaire with connections to the Russian orthodox church and presidential administration, who founded Tsargrad TV, a known source of disinformation. Malofeev was sanctioned by the U.S. Department of Treasury and the European Union in 2014 for material support and financial backing of Russian-backed separatists in eastern Ukraine. Another known figure from the board is Sergei Glaziev, former advisor to Putin in 2012–2019. Dugin is also on the board in the Russian edition of the website, whereas he is omitted in English.”
In this example a website managed by an actor previously sanctioned by the US department of treasury has been configured to redirect to another website; Katehon (T0129.008: Redirect URLs).
Katehon presents itself as a geopolitical think tank in English (T0097.204: Think Tank Persona), but does not maintain this persona when presenting itself to a Russian speaking audience. |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0129.009.md b/generated_pages/techniques/T0129.009.md
index 24ea5e5..3d9ab86 100644
--- a/generated_pages/techniques/T0129.009.md
+++ b/generated_pages/techniques/T0129.009.md
@@ -2,13 +2,13 @@
**Summary**: Removing post origins refers to the elimination of evidence that indicates the initial source of operation content, often to complicate attribution. An influence operation may remove post origins by deleting watermarks, renaming files, or removing embedded links in its content.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.010.md b/generated_pages/techniques/T0129.010.md
index c5077f7..8e6cdb6 100644
--- a/generated_pages/techniques/T0129.010.md
+++ b/generated_pages/techniques/T0129.010.md
@@ -2,13 +2,13 @@
**Summary**: Misattributed activity refers to incorrectly attributed operation activity. For example, a state sponsored influence operation may conduct operation activity in a way that mimics another state so that external entities misattribute activity to the incorrect state. An operation may misattribute their activities to complicate attribution, avoid detection, or frame an adversary for negative behaviour.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0129.md b/generated_pages/techniques/T0129.md
index 709a8a3..86389c8 100644
--- a/generated_pages/techniques/T0129.md
+++ b/generated_pages/techniques/T0129.md
@@ -2,13 +2,13 @@
**Summary**: Conceal the campaign's operational activity to avoid takedown and attribution.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0130.001.md b/generated_pages/techniques/T0130.001.md
index 695212f..26843ba 100644
--- a/generated_pages/techniques/T0130.001.md
+++ b/generated_pages/techniques/T0130.001.md
@@ -2,13 +2,13 @@
**Summary**: Concealing sponsorship aims to mislead or obscure the identity of the hidden sponsor behind an operation rather than entity publicly running the operation. Operations that conceal sponsorship may maintain visible falsified groups, news outlets, non-profits, or other organisations, but seek to mislead or obscure the identity sponsoring, funding, or otherwise supporting these entities. Influence operations may use a variety of techniques to mask the location of their social media accounts to complicate attribution and conceal evidence of foreign interference. Operation accounts may set their location to a false place, often the location of the operation’s target audience, and post in the region’s language
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0130.002.md b/generated_pages/techniques/T0130.002.md
index 4718b2a..9df2a43 100644
--- a/generated_pages/techniques/T0130.002.md
+++ b/generated_pages/techniques/T0130.002.md
@@ -2,13 +2,13 @@
**Summary**: Hosting refers to services through which storage and computing resources are provided to an individual or organisation for the accommodation and maintenance of one or more websites and related services. Services may include web hosting, file sharing, and email distribution. Bulletproof hosting refers to services provided by an entity, such as a domain hosting or web hosting firm, that allows its customer considerable leniency in use of the service. An influence operation may utilise bulletproof hosting to maintain continuity of service for suspicious, illegal, or disruptive operation activities that stricter hosting services would limit, report, or suspend.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0130.003.md b/generated_pages/techniques/T0130.003.md
index 0fe0f9f..ed3926d 100644
--- a/generated_pages/techniques/T0130.003.md
+++ b/generated_pages/techniques/T0130.003.md
@@ -2,13 +2,13 @@
**Summary**: Use Shell Organisations to conceal sponsorship.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0130.004.md b/generated_pages/techniques/T0130.004.md
index 5f02c88..ea6f7ee 100644
--- a/generated_pages/techniques/T0130.004.md
+++ b/generated_pages/techniques/T0130.004.md
@@ -2,13 +2,13 @@
**Summary**: Use Cryptocurrency to conceal sponsorship. Examples include Bitcoin, Monero, and Etherium.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0130.005.md b/generated_pages/techniques/T0130.005.md
index c0705dc..89198c5 100644
--- a/generated_pages/techniques/T0130.005.md
+++ b/generated_pages/techniques/T0130.005.md
@@ -2,13 +2,13 @@
**Summary**: Obfuscate Payment
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0130.md b/generated_pages/techniques/T0130.md
index ca141f4..ff8d368 100644
--- a/generated_pages/techniques/T0130.md
+++ b/generated_pages/techniques/T0130.md
@@ -2,13 +2,13 @@
**Summary**: Conceal the campaign's infrastructure to avoid takedown and attribution.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0131.001.md b/generated_pages/techniques/T0131.001.md
index 95a233e..ec15e38 100644
--- a/generated_pages/techniques/T0131.001.md
+++ b/generated_pages/techniques/T0131.001.md
@@ -2,13 +2,13 @@
**Summary**: Make incident content visible for a long time, e.g. by exploiting platform terms of service, or placing it where it's hard to remove or unlikely to be removed.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0131.002.md b/generated_pages/techniques/T0131.002.md
index 087743e..3afbd3f 100644
--- a/generated_pages/techniques/T0131.002.md
+++ b/generated_pages/techniques/T0131.002.md
@@ -2,13 +2,13 @@
**Summary**: Post Borderline Content
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0131.md b/generated_pages/techniques/T0131.md
index 743b1e6..2efff0d 100644
--- a/generated_pages/techniques/T0131.md
+++ b/generated_pages/techniques/T0131.md
@@ -2,13 +2,13 @@
**Summary**: Exploiting weaknesses in platforms' terms of service and content moderation policies to avoid takedowns and platform actions.
+**Tactic**: TA11 Persist in the Information Environment
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA11
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0132.001.md b/generated_pages/techniques/T0132.001.md
index 820782d..60d2425 100644
--- a/generated_pages/techniques/T0132.001.md
+++ b/generated_pages/techniques/T0132.001.md
@@ -2,13 +2,13 @@
**Summary**: Measure the performance individuals in achieving campaign goals
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0132.002.md b/generated_pages/techniques/T0132.002.md
index c7b4c9e..0f0d6a8 100644
--- a/generated_pages/techniques/T0132.002.md
+++ b/generated_pages/techniques/T0132.002.md
@@ -2,13 +2,13 @@
**Summary**: Measure the performance of campaign content
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0132.003.md b/generated_pages/techniques/T0132.003.md
index 3b4a3c0..ae8437a 100644
--- a/generated_pages/techniques/T0132.003.md
+++ b/generated_pages/techniques/T0132.003.md
@@ -2,13 +2,13 @@
**Summary**: View Focused
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0132.md b/generated_pages/techniques/T0132.md
index 0cc7821..b77d51f 100644
--- a/generated_pages/techniques/T0132.md
+++ b/generated_pages/techniques/T0132.md
@@ -2,13 +2,13 @@
**Summary**: A metric used to determine the accomplishment of actions. “Are the actions being executed as planned?”
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0133.001.md b/generated_pages/techniques/T0133.001.md
index 1461e84..d5c7067 100644
--- a/generated_pages/techniques/T0133.001.md
+++ b/generated_pages/techniques/T0133.001.md
@@ -2,13 +2,13 @@
**Summary**: Monitor and evaluate behaviour changes from misinformation incidents.
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0133.002.md b/generated_pages/techniques/T0133.002.md
index dc34997..9267183 100644
--- a/generated_pages/techniques/T0133.002.md
+++ b/generated_pages/techniques/T0133.002.md
@@ -2,13 +2,13 @@
**Summary**: Measure current system state with respect to the effectiveness of campaign content.
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0133.003.md b/generated_pages/techniques/T0133.003.md
index eea770f..4743e1a 100644
--- a/generated_pages/techniques/T0133.003.md
+++ b/generated_pages/techniques/T0133.003.md
@@ -2,13 +2,13 @@
**Summary**: Measure current system state with respect to the effectiveness of influencing awareness.
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0133.004.md b/generated_pages/techniques/T0133.004.md
index f7deb84..577d0ff 100644
--- a/generated_pages/techniques/T0133.004.md
+++ b/generated_pages/techniques/T0133.004.md
@@ -2,13 +2,13 @@
**Summary**: Measure current system state with respect to the effectiveness of influencing knowledge.
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0133.005.md b/generated_pages/techniques/T0133.005.md
index ec75d92..8a910c0 100644
--- a/generated_pages/techniques/T0133.005.md
+++ b/generated_pages/techniques/T0133.005.md
@@ -2,13 +2,13 @@
**Summary**: Measure current system state with respect to the effectiveness of influencing action/attitude.
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0133.md b/generated_pages/techniques/T0133.md
index 948c7c7..8bffc3c 100644
--- a/generated_pages/techniques/T0133.md
+++ b/generated_pages/techniques/T0133.md
@@ -2,13 +2,13 @@
**Summary**: A metric used to measure a current system state. “Are we on track to achieve the intended new system state within the planned timescale?”
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0134.001.md b/generated_pages/techniques/T0134.001.md
index 878b831..d9f42e7 100644
--- a/generated_pages/techniques/T0134.001.md
+++ b/generated_pages/techniques/T0134.001.md
@@ -2,13 +2,13 @@
**Summary**: Monitor and evaluate message reach in misinformation incidents.
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0134.002.md b/generated_pages/techniques/T0134.002.md
index 63a5d3f..cbeb022 100644
--- a/generated_pages/techniques/T0134.002.md
+++ b/generated_pages/techniques/T0134.002.md
@@ -2,13 +2,13 @@
**Summary**: Monitor and evaluate social media engagement in misinformation incidents.
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0134.md b/generated_pages/techniques/T0134.md
index 4470352..96c2e6d 100644
--- a/generated_pages/techniques/T0134.md
+++ b/generated_pages/techniques/T0134.md
@@ -2,13 +2,13 @@
**Summary**: Ensuring that Key Performance Indicators are identified and tracked, so that the performance and effectiveness of campaigns, and elements of campaigns, can be measured, during and after their execution.
+**Tactic**: TA12 Assess Effectiveness
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA12
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0135.001.md b/generated_pages/techniques/T0135.001.md
index 49ccc19..9d80b86 100644
--- a/generated_pages/techniques/T0135.001.md
+++ b/generated_pages/techniques/T0135.001.md
@@ -2,13 +2,13 @@
**Summary**: Denigrate, disparage, or discredit an opponent. This is a common tactical objective in political campaigns with a larger strategic goal. It differs from efforts to harm a target through defamation. If there is no ulterior motive and the sole aim is to cause harm to the target, then choose sub-technique “Defame” of technique “Cause Harm” instead.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0135.002.md b/generated_pages/techniques/T0135.002.md
index c16f2ee..f6e8610 100644
--- a/generated_pages/techniques/T0135.002.md
+++ b/generated_pages/techniques/T0135.002.md
@@ -2,13 +2,13 @@
**Summary**: Prevent the successful outcome of a policy, operation, or initiative. Actors conduct influence operations to stymie or foil proposals, plans, or courses of action which are not in their interest.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0135.003.md b/generated_pages/techniques/T0135.003.md
index 193146f..447c142 100644
--- a/generated_pages/techniques/T0135.003.md
+++ b/generated_pages/techniques/T0135.003.md
@@ -2,13 +2,13 @@
**Summary**: Sabotage, destroy, or damage a system, process, or relationship. The classic example is the Soviet strategy of “active measures” involving deniable covert activities such as political influence, the use of front organisations, the orchestration of domestic unrest, and the spread of disinformation.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0135.004.md b/generated_pages/techniques/T0135.004.md
index 6f784da..9ba87fa 100644
--- a/generated_pages/techniques/T0135.004.md
+++ b/generated_pages/techniques/T0135.004.md
@@ -2,13 +2,13 @@
**Summary**: To cause a target audience to divide into two completely opposing groups. This is a special case of subversion. To divide and conquer is an age-old approach to subverting and overcoming an enemy.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0135.md b/generated_pages/techniques/T0135.md
index 07ffcd3..d43338b 100644
--- a/generated_pages/techniques/T0135.md
+++ b/generated_pages/techniques/T0135.md
@@ -2,13 +2,13 @@
**Summary**: Weaken, debilitate, or subvert a target or their actions. An influence operation may be designed to disparage an opponent; sabotage an opponent’s systems or processes; compromise an opponent’s relationships or support system; impair an opponent’s capability; or thwart an opponent’s initiative.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0136.001.md b/generated_pages/techniques/T0136.001.md
index ae5215d..431bcd8 100644
--- a/generated_pages/techniques/T0136.001.md
+++ b/generated_pages/techniques/T0136.001.md
@@ -2,13 +2,13 @@
**Summary**: Preserve a positive perception in the public’s mind following an accusation or adverse event. When accused of a wrongful act, an actor may engage in denial, counter accusations, whataboutism, or conspiracy theories to distract public attention and attempt to maintain a positive image.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0136.002.md b/generated_pages/techniques/T0136.002.md
index 0804b98..eb73cb1 100644
--- a/generated_pages/techniques/T0136.002.md
+++ b/generated_pages/techniques/T0136.002.md
@@ -2,13 +2,13 @@
**Summary**: To convince others to exonerate you of a perceived wrongdoing. When an actor finds it untenable to deny doing something, they may attempt to exonerate themselves with disinformation which claims the action was reasonable. This is a special case of “Defend Reputation”.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0136.003.md b/generated_pages/techniques/T0136.003.md
index 96c8884..8d48070 100644
--- a/generated_pages/techniques/T0136.003.md
+++ b/generated_pages/techniques/T0136.003.md
@@ -2,13 +2,13 @@
**Summary**: Raise the morale of those who support the organisation or group. Invigorate constituents with zeal for the mission or activity. Terrorist groups, political movements, and cults may indoctrinate their supporters with ideologies that are based on warped versions of religion or cause harm to others.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0136.004.md b/generated_pages/techniques/T0136.004.md
index d0ceaa5..207890f 100644
--- a/generated_pages/techniques/T0136.004.md
+++ b/generated_pages/techniques/T0136.004.md
@@ -2,13 +2,13 @@
**Summary**: Elevate the estimation of the actor in the public’s mind. Improve their image or standing. Public relations professionals use persuasive overt communications to achieve this goal; manipulators use covert disinformation.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0136.005.md b/generated_pages/techniques/T0136.005.md
index 262e143..e55c57d 100644
--- a/generated_pages/techniques/T0136.005.md
+++ b/generated_pages/techniques/T0136.005.md
@@ -2,13 +2,13 @@
**Summary**: Elevate or fortify the public backing for a policy, operation, or idea. Domestic and foreign actors can use artificial means to fabricate or amplify public support for a proposal or action.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0136.006.md b/generated_pages/techniques/T0136.006.md
index 2fcfbc2..c4b7384 100644
--- a/generated_pages/techniques/T0136.006.md
+++ b/generated_pages/techniques/T0136.006.md
@@ -2,13 +2,13 @@
**Summary**: Elevate or fortify the public backing for a partner. Governments may interfere in other countries’ elections by covertly favouring a party or candidate aligned with their interests. They may also mount an influence operation to bolster the reputation of an ally under attack.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0136.007.md b/generated_pages/techniques/T0136.007.md
index 9302b0e..59d542e 100644
--- a/generated_pages/techniques/T0136.007.md
+++ b/generated_pages/techniques/T0136.007.md
@@ -2,13 +2,13 @@
**Summary**: Motivate followers to join or subscribe as members of the team. Organisations may mount recruitment drives that use propaganda to entice sympathisers to sign up.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0136.008.md b/generated_pages/techniques/T0136.008.md
index 6329f54..e49262e 100644
--- a/generated_pages/techniques/T0136.008.md
+++ b/generated_pages/techniques/T0136.008.md
@@ -2,13 +2,13 @@
**Summary**: Improve personal standing within a community. Gain fame, approbation, or notoriety. Conspiracy theorists, those with special access, and ideologues can gain prominence in a community by propagating disinformation, leaking confidential documents, or spreading hate.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0136.md b/generated_pages/techniques/T0136.md
index fc1c5d5..576dd09 100644
--- a/generated_pages/techniques/T0136.md
+++ b/generated_pages/techniques/T0136.md
@@ -2,13 +2,13 @@
**Summary**: Grow or maintain the base of support for the actor, ally, or action. This includes hard core recruitment, managing alliances, and generating or maintaining sympathy among a wider audience, including reputation management and public relations. Sub-techniques assume support for actor (self) unless otherwise specified.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0137.001.md b/generated_pages/techniques/T0137.001.md
index b6c05a4..7a5bd74 100644
--- a/generated_pages/techniques/T0137.001.md
+++ b/generated_pages/techniques/T0137.001.md
@@ -2,13 +2,13 @@
**Summary**: Earn income from digital advertisements published alongside inauthentic content. Conspiratorial, false, or provocative content drives internet traffic. Content owners earn money from impressions of, or clicks on, or conversions of ads published on their websites, social media profiles, or streaming services, or ads published when their content appears in search engine results. Fraudsters simulate impressions, clicks, and conversions, or they spin up inauthentic sites or social media profiles just to generate ad revenue. Conspiracy theorists and political operators generate ad revenue as a byproduct of their operation or as a means of sustaining their campaign.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0137.002.md b/generated_pages/techniques/T0137.002.md
index e354f41..c145562 100644
--- a/generated_pages/techniques/T0137.002.md
+++ b/generated_pages/techniques/T0137.002.md
@@ -2,13 +2,13 @@
**Summary**: Defraud a target or trick a target into doing something that benefits the attacker. A typical scam is where a fraudster convinces a target to pay for something without the intention of ever delivering anything in return. Alternatively, the fraudster may promise benefits which never materialise, such as a fake cure. Criminals often exploit a fear or crisis or generate a sense of urgency. They may use deepfakes to impersonate authority figures or individuals in distress.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0137.003.md b/generated_pages/techniques/T0137.003.md
index 58981aa..b0db415 100644
--- a/generated_pages/techniques/T0137.003.md
+++ b/generated_pages/techniques/T0137.003.md
@@ -2,13 +2,13 @@
**Summary**: Solicit donations for a cause. Popular conspiracy theorists can attract financial contributions from their followers. Fighting back against the establishment is a popular crowdfunding narrative.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0137.004.md b/generated_pages/techniques/T0137.004.md
index 7140006..9b21c07 100644
--- a/generated_pages/techniques/T0137.004.md
+++ b/generated_pages/techniques/T0137.004.md
@@ -2,13 +2,13 @@
**Summary**: Offer products for sale under false pretences. Campaigns may hijack or create causes built on disinformation to sell promotional merchandise. Or charlatans may amplify victims’ unfounded fears to sell them items of questionable utility such as supplements or survival gear.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0137.005.md b/generated_pages/techniques/T0137.005.md
index 6b89335..f48192e 100644
--- a/generated_pages/techniques/T0137.005.md
+++ b/generated_pages/techniques/T0137.005.md
@@ -2,13 +2,13 @@
**Summary**: Coerce money or favours from a target by threatening to expose or corrupt information. Ransomware criminals typically demand money. Intelligence agencies demand national secrets. Sexual predators demand favours. The leverage may be critical, sensitive, or embarrassing information.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0137.006.md b/generated_pages/techniques/T0137.006.md
index ffa6652..caef976 100644
--- a/generated_pages/techniques/T0137.006.md
+++ b/generated_pages/techniques/T0137.006.md
@@ -2,13 +2,13 @@
**Summary**: Artificially inflate or deflate the price of stocks or other financial instruments and then trade on these to make profit. The most common securities fraud schemes are called “pump and dump” and “poop and scoop”.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0137.md b/generated_pages/techniques/T0137.md
index 351c7cb..944e104 100644
--- a/generated_pages/techniques/T0137.md
+++ b/generated_pages/techniques/T0137.md
@@ -2,13 +2,13 @@
**Summary**: Profit from disinformation, conspiracy theories, or online harm. In some cases, the sole objective is financial gain, in other cases the objective is both financial and political. Making money may also be a way to sustain a political campaign.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0138.001.md b/generated_pages/techniques/T0138.001.md
index 545d569..bc1c449 100644
--- a/generated_pages/techniques/T0138.001.md
+++ b/generated_pages/techniques/T0138.001.md
@@ -2,13 +2,13 @@
**Summary**: Inspire, animate, or exhort a target to act. An actor can use propaganda, disinformation, or conspiracy theories to stimulate a target to act in its interest.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0138.002.md b/generated_pages/techniques/T0138.002.md
index 5143dd8..b5fb258 100644
--- a/generated_pages/techniques/T0138.002.md
+++ b/generated_pages/techniques/T0138.002.md
@@ -2,13 +2,13 @@
**Summary**: Instigate, incite, or arouse a target to act. Social media manipulators exploit moral outrage to propel targets to spread hate, take to the streets to protest, or engage in acts of violence.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0138.003.md b/generated_pages/techniques/T0138.003.md
index 85ea8e9..d7b7fde 100644
--- a/generated_pages/techniques/T0138.003.md
+++ b/generated_pages/techniques/T0138.003.md
@@ -2,13 +2,13 @@
**Summary**: Force target to take an action or to stop taking an action it has already started. Actors can use the threat of reputational damage alongside military or economic threats to compel a target.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0138.md b/generated_pages/techniques/T0138.md
index 14ef646..d9b20f4 100644
--- a/generated_pages/techniques/T0138.md
+++ b/generated_pages/techniques/T0138.md
@@ -2,13 +2,13 @@
**Summary**: Persuade, impel, or provoke the target to behave in a specific manner favourable to the attacker. Some common behaviours are joining, subscribing, voting, buying, demonstrating, fighting, retreating, resigning, boycotting.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0139.001.md b/generated_pages/techniques/T0139.001.md
index d67e996..3eeb709 100644
--- a/generated_pages/techniques/T0139.001.md
+++ b/generated_pages/techniques/T0139.001.md
@@ -2,13 +2,13 @@
**Summary**: To make a target disinclined or reluctant to act. Manipulators use disinformation to cause targets to question the utility, legality, or morality of taking an action.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0139.002.md b/generated_pages/techniques/T0139.002.md
index 9fad12a..ededcb3 100644
--- a/generated_pages/techniques/T0139.002.md
+++ b/generated_pages/techniques/T0139.002.md
@@ -2,13 +2,13 @@
**Summary**: Intimidate or incentivise target into remaining silent or prevent target from speaking out. A threat actor may cow a target into silence as a special case of deterrence. Or they may buy the target’s silence. Or they may repress or restrict the target’s speech.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0139.003.md b/generated_pages/techniques/T0139.003.md
index ff35b61..7a6494c 100644
--- a/generated_pages/techniques/T0139.003.md
+++ b/generated_pages/techniques/T0139.003.md
@@ -2,13 +2,13 @@
**Summary**: Prevent target from taking an action for fear of the consequences. Deterrence occurs in the mind of the target, who fears they will be worse off if they take an action than if they don’t. When making threats, aggressors may bluff, feign irrationality, or engage in brinksmanship.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0139.md b/generated_pages/techniques/T0139.md
index 47dd248..fae5188 100644
--- a/generated_pages/techniques/T0139.md
+++ b/generated_pages/techniques/T0139.md
@@ -2,13 +2,13 @@
**Summary**: Discourage, deter, or inhibit the target from actions which would be unfavourable to the attacker. The actor may want the target to refrain from voting, buying, fighting, or supplying.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0140.001.md b/generated_pages/techniques/T0140.001.md
index fdca178..5b1be51 100644
--- a/generated_pages/techniques/T0140.001.md
+++ b/generated_pages/techniques/T0140.001.md
@@ -2,13 +2,13 @@
**Summary**: Attempt to damage the target’s personal reputation by impugning their character. This can range from subtle attempts to misrepresent or insinuate, to obvious attempts to denigrate or disparage, to blatant attempts to malign or vilify. Slander applies to oral expression. Libel applies to written or pictorial material. Defamation is often carried out by online trolls. The sole aim here is to cause harm to the target. If the threat actor uses defamation as a means of undermining the target, then choose sub-technique “Smear” of technique “Undermine” instead.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0140.002.md b/generated_pages/techniques/T0140.002.md
index 4ed6d57..cf564c6 100644
--- a/generated_pages/techniques/T0140.002.md
+++ b/generated_pages/techniques/T0140.002.md
@@ -2,13 +2,13 @@
**Summary**: Coerce, bully, or frighten the target. An influence operation may use intimidation to compel the target to act against their will. Or the goal may be to frighten or even terrify the target into silence or submission. In some cases, the goal is simply to make the victim suffer.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0140.003.md b/generated_pages/techniques/T0140.003.md
index aab1f6d..7c660d8 100644
--- a/generated_pages/techniques/T0140.003.md
+++ b/generated_pages/techniques/T0140.003.md
@@ -2,13 +2,13 @@
**Summary**: Publish and/or propagate demeaning, derisive, or humiliating content targeting an individual or group of individuals with the intent to cause emotional, psychological, or physical distress. Hate speech can cause harm directly or incite others to harm the target. It often aims to stigmatise the target by singling out immutable characteristics such as colour, race, religion, national or ethnic origin, gender, gender identity, sexual orientation, age, disease, or mental or physical disability. Thus, promoting hatred online may involve racism, antisemitism, Islamophobia, xenophobia, sexism, misogyny, homophobia, transphobia, ageism, ableism, or any combination thereof. Motivations for hate speech range from group preservation to ideological superiority to the unbridled infliction of suffering.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0140.md b/generated_pages/techniques/T0140.md
index 9b30094..613fd71 100644
--- a/generated_pages/techniques/T0140.md
+++ b/generated_pages/techniques/T0140.md
@@ -2,13 +2,13 @@
**Summary**: Persecute, malign, or inflict pain upon a target. The objective of a campaign may be to cause fear or emotional distress in a target. In some cases, harm is instrumental to achieving a primary objective, as in coercion, repression, or intimidation. In other cases, harm may be inflicted for the satisfaction of the perpetrator, as in revenge or sadistic cruelty.
+**Tactic**: TA02 Plan Objectives
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA02
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0141.001.md b/generated_pages/techniques/T0141.001.md
deleted file mode 100644
index fe19511..0000000
--- a/generated_pages/techniques/T0141.001.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# Technique T0141.001: Acquire Compromised Account
-
-* **Summary**: Threat Actors can take over existing users’ accounts to distribute campaign content.
The actor may maintain the asset’s previous identity to capitalise on the perceived legitimacy its previous owner had cultivated.
The actor may completely rebrand the account to exploit its existing reach, or relying on the account’s history to avoid more stringent automated content moderation rules applied to new accounts.
See also [Mitre ATT&CK’s T1586 Compromise Accounts](https://attack.mitre.org/techniques/T1586/) for more technical information on how threat actors may achieve this objective.
This Technique was previously called Compromise Legitimate Accounts, and used the ID T0011.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00064 Tinder nightmares: the promise and peril of political bots](../../generated_pages/incidents/I00064.md) | “In the days leading up to the UK’s [2019] general election, youths looking for love online encountered a whole new kind of Tinder nightmare. A group of young activists built a Tinder chatbot to co-opt profiles and persuade swing voters to support Labour. The bot accounts sent 30,000-40,000 messages to targeted 18-25 year olds in battleground constituencies like Dudley North, which Labour ended up winning by only 22 votes. [...]
“The activists maintain that the project was meant to foster democratic engagement. But screenshots of the bots’ activity expose a harsher reality. Images of conversations between real users and these bots, posted on i-D, Mashable, as well as on Fowler and Goodman’s public Twitter accounts, show that the bots did not identify themselves as automated accounts, instead posing as the user whose profile they had taken over. While conducting research for this story, it turned out that a number of [the reporters’ friends] living in Oxford had interacted with the bot in the lead up to the election and had no idea that it was not a real person.”
In this example people offered up their real accounts for the automation of political messaging; the actors convinced the users to give up access to their accounts to use in the operation (T0141.001: Acquire Compromised Account). The actors maintained the accounts’ existing persona, and presented themselves as potential romantic suitors for legitimate platform users (T0097:109 Romantic Suitor Persona, T0143.003: Impersonated Persona). |
-| [I00065 'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests](../../generated_pages/incidents/I00065.md) | _”Overall, narratives promoted in the five operations appear to represent a concerted effort to discredit the ruling political coalition, widen existing domestic political divisions and project an image of coalition disunity in Poland. In each incident, content was primarily disseminated via Twitter, Facebook, and/ or Instagram accounts belonging to Polish politicians, all of whom have publicly claimed their accounts were compromised at the times the posts were made."_
This example demonstrates how threat actors can use _T0141.001: Acquire Compromised Account_ to distribute inauthentic content while exploiting the legitimate account holder’s persona. |
-| [I00069 Uncharmed: Untangling Iran's APT42 Operations](../../generated_pages/incidents/I00069.md) | “Mandiant identified at least three clusters of infrastructure used by [Iranian state-sponsored cyber espionage actor] APT42 to harvest credentials from targets in the policy and government sectors, media organizations and journalists, and NGOs and activists. The three clusters employ similar tactics, techniques and procedures (TTPs) to target victim credentials (spear-phishing emails), but use slightly varied domains, masquerading patterns, decoys, and themes.
Cluster A: Posing as News Outlets and NGOs:
- Suspected Targeting: credentials of journalists, researchers, and geopolitical entities in regions of interest to Iran.
- Masquerading as: The Washington Post (U.S.), The Economist (UK), The Jerusalem Post (IL), Khaleej Times (UAE), Azadliq (Azerbaijan), and more news outlets and NGOs. This often involves the use of typosquatted domains like washinqtonpost[.]press.
“Mandiant did not observe APT42 target or compromise these organizations, but rather impersonate them.”
In this example APT42, an Iranian state-sponsored cyber espionage actor, impersonated existing news organisations and NGOs (T0097.202 News Outlet Persona, T0097.207: NGO Persona, T0143.003: Impersonated Persona) in attempts to steal credentials from targets (T0141.001: Acquire Compromised Account), using elements of influence operations to facilitate their cyber attacks. |
-| [I00071 Russia-aligned hacktivists stir up anti-Ukrainian sentiments in Poland](../../generated_pages/incidents/I00071.md) | “The August 17 [2022] Telegram post [which contained a falsified letter from the Ukrainian Minister of Foreign Affairs asking Poland to rename Belwederska Street in Warsaw — the location of the Russian embassy building — as Stepan Bandera Street, in honor of the far-right nationalist who led the Ukrainian Insurgent Army during WWII] also contained screenshots of Facebook posts that appeared on two Facebook accounts belonging to Polish nationals Piotr Górka, an expert in the history of the Polish Air Force, and Dariusz Walusiak, a Polish historian and documentary maker. The Górka post suggested that he fully supported the Polish government’s decision to change Belwederska Street to Stepan Bandera Street.
“In a statement to the DFRLab, Górka said his account was accessed without his consent. “This is not my post loaded to my Facebook page,” he explained. “My site was hacked, some days ago.” At the time of publishing, Piotr Górka’s post and his Facebook account were no longer accessible.
“The post on Górka’s Facebook page was shared by Dariusz Walusiak’s Facebook account; the account also reposted it on the Facebook walls of more than twenty other Facebook users, including Adam Kalita, currently working at Krakow branch of the Institute of National Remembrance; Jan Kasprzyk, head of the Office for War Veterans and Victims of Oppression; and Alicja Kondraciuk, a Polish public figure living in Krakow.
“Walusiak’s Facebook account is also no longer accessible. Given his work on Polish history and identity, it seems highly unlikely he would support the Bandera measure; the DFRLab has also reached out to him for comment.
“The fact that Joker DPR’s Telegram post included screenshots of their Facebook posts raises the strong possibility that both Facebook accounts were compromised, and that hackers planted false statements on their pages that would seem out of character for them in order to gain further attention to the forged documents.”
In this example, threat actors used compromised accounts (T0141.001: Acquire Compromised Account) of Polish historians who have enough relevant knowledge to plausibly weigh in on the forged letter’s narrative (T0143.003: Impersonated Persona, T0097.101: Local Persona, T0097.108: Expert Persona).
This matches T0097.108: Expert Persona because the impersonation exploited Górka and Walusiak’s existing personas as experts in Polish history. |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0141.002.md b/generated_pages/techniques/T0141.002.md
deleted file mode 100644
index b820364..0000000
--- a/generated_pages/techniques/T0141.002.md
+++ /dev/null
@@ -1,18 +0,0 @@
-# Technique T0141.002: Acquire Compromised Website
-
-* **Summary**: Threat Actors may take over existing websites to publish or amplify inauthentic narratives. This includes the defacement of websites, and cases where websites’ personas are maintained to add credence to threat actors’ narratives.
See also [Mitre ATT&CK’s T1584 Compromise Infrastructure](https://attack.mitre.org/techniques/T1584/) for more technical information on how threat actors may achieve this objective.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-| [I00066 The online war between Qatar and Saudi Arabia](../../generated_pages/incidents/I00066.md) | _"In the early hours of 24 May 2017, a news story appeared on the website of Qatar's official news agency, QNA, reporting that the country's emir, Sheikh Tamim bin Hamad al-Thani, had made an astonishing speech."_
_"[…]_
_"Qatar claimed that the QNA had been hacked. And they said the hack was designed to deliberately spread fake news about the country's leader and its foreign policies. The Qataris specifically blamed UAE, an allegation later repeated by a Washington Post report which cited US intelligence sources. The UAE categorically denied those reports._
_"But the story of the emir's speech unleashed a media free-for-all. Within minutes, Saudi and UAE-owned TV networks - Al Arabiya and Sky News Arabia - picked up on the comments attributed to al-Thani. Both networks accused Qatar of funding extremist groups and of destabilising the region."_
This incident demonstrates how threat actors used _T0141.002: Acquire Compromised Website_ to allow for an inauthentic narrative to be given a level of credibility which caused significant political fallout. |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0141.md b/generated_pages/techniques/T0141.md
deleted file mode 100644
index 7d0abb4..0000000
--- a/generated_pages/techniques/T0141.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Technique T0141: Acquire Compromised Asset
-
-* **Summary**: Threat Actors may take over existing assets not owned by them through nefarious means, such as using technical exploits, hacking, purchasing compromised accounts from the dark web, or social engineering.
-
-* **Belongs to tactic stage**: TA15
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0142.md b/generated_pages/techniques/T0142.md
deleted file mode 100644
index 80050d7..0000000
--- a/generated_pages/techniques/T0142.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# Technique T0142: Fabricate Grassroots Movement
-
-* **Summary**: This technique, sometimes known as "astroturfing", occurs when an influence operation disguises itself as a grassroots movement or organisation that supports operation narratives.
-
-Astroturfing aims to increase the appearance of popular support for an evolving grassroots movement in contrast to "Utilise Butterfly Attacks", which aims to discredit an existing grassroots movement.
-
-This Technique was previously called Astroturfing, and used the ID T0099.001
-
-* **Belongs to tactic stage**: TA16
-
-
-| Incident | Descriptions given for this incident |
-| -------- | -------------------- |
-
-
-
-| Counters | Response types |
-| -------- | -------------- |
-
-
-DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
\ No newline at end of file
diff --git a/generated_pages/techniques/T0143.001.md b/generated_pages/techniques/T0143.001.md
index 134f188..cc15a4e 100644
--- a/generated_pages/techniques/T0143.001.md
+++ b/generated_pages/techniques/T0143.001.md
@@ -2,13 +2,13 @@
**Summary**: An individual or institution presenting a persona that legitimately matches who or what they are is presenting an authentic persona.
For example, an account which presents as being managed by a member of a country’s military, and is legitimately managed by that person, would be presenting an authentic persona (T0143.001: Authentic Persona, T0097.105: Military Personnel).
Sometimes people can authentically present themselves as who they are while still participating in malicious/inauthentic activity; a legitimate journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) may accept bribes to promote products, or they could be tricked by threat actors into sharing an operation’s narrative.
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0143.002.md b/generated_pages/techniques/T0143.002.md
index 054b399..95e4ec3 100644
--- a/generated_pages/techniques/T0143.002.md
+++ b/generated_pages/techniques/T0143.002.md
@@ -2,13 +2,13 @@
**Summary**: An individual or institution pretending to have a persona without any legitimate claim to that persona is presenting a fabricated persona, such as a person who presents themselves as a member of a country’s military without having worked in any capacity with the military (T0143.002: Fabricated Persona, T0097.105: Military Personnel).
Sometimes real people can present entirely fabricated personas; they can use real names and photos on social media while also pretending to have credentials or traits they don’t have in real life.
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0143.003.md b/generated_pages/techniques/T0143.003.md
index 7c95526..c2c6ffe 100644
--- a/generated_pages/techniques/T0143.003.md
+++ b/generated_pages/techniques/T0143.003.md
@@ -1,14 +1,16 @@
# Technique T0143.003: Impersonated Persona
-**Summary**: Threat actors may impersonate existing individuals or institutions to conceal their network identity, add legitimacy to content, or harm the impersonated target’s reputation. This Technique covers situations where an actor presents themselves as another existing individual or institution.
This Technique was previously called Prepare Assets Impersonating Legitimate Entities and used the ID T0099.
Associated Techniques and Sub-techniques
T0097: Presented Persona: Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of impersonation. For example, a document developed by a threat actor which falsely presented as a letter from a government department could be documented using T0085.004: Develop Document, T0143.003: Impersonated Persona, and T0097.206: Government Institution Persona.
T0145.001: Copy Account Imagery: Actors may take existing accounts’ profile pictures as part of their impersonation efforts.
+**Summary**: Threat actors may impersonate existing individuals or institutions to conceal their network identity, add legitimacy to content, or harm the impersonated target’s reputation. This Technique covers situations where an actor presents themselves as another existing individual or institution.
This Technique was previously called Prepare Assets Impersonating Legitimate Entities and used the ID T0099.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097 Present Persona](../../generated_pages/techniques/T0097.md) | Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of impersonation. For example, a document developed by a threat actor which falsely presented as a letter from a government department could be documented using T0085.004: Develop Document, T0143.003: Impersonated Persona, and T0097.206: Government Institution Persona. |
+| [T0145.001 Copy Account Imagery](../../generated_pages/techniques/T0145.001.md) | Actors may take existing accounts’ profile pictures as part of their impersonation efforts. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0143.004.md b/generated_pages/techniques/T0143.004.md
index c81702c..eaf232f 100644
--- a/generated_pages/techniques/T0143.004.md
+++ b/generated_pages/techniques/T0143.004.md
@@ -1,14 +1,16 @@
# Technique T0143.004: Parody Persona
-**Summary**: Parody is a form of artistic expression that imitates the style or characteristics of a particular work, genre, or individual in a humorous or satirical way, often to comment on or critique the original work or subject matter. People may present as parodies to create humour or make a point by exaggerating or altering elements of the original, while still maintaining recognizable elements.
The use of parody is not an indication of inauthentic or malicious behaviour; parody allows people to present ideas or criticisms in a comedic or exaggerated manner, softening the impact of sensitive or contentious topics. Because parody is often protected as a form of free speech or artistic expression, it provides a legal and social framework for discussing controversial issues.
However, parody personas may be perceived as authentic personas, leading to people mistakenly believing that a parody account’s statements represent the real opinions of a parodied target. Threat actors may also use the guise of parody to spread campaign content. Parody personas may disclaim that they are operating as a parody, however this is not always the case, and is not always given prominence.
Associated Techniques and Sub-techniques T0097: Presented Persona: Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of parody. For example, an account presenting as a parody of a business could be documented using T0097.205: Business Persona and T0143.003: Parody Persona.
T0145.001: Copy Account Imagery: Actors may take existing accounts’ profile pictures as part of their parody efforts.
+**Summary**: Parody is a form of artistic expression that imitates the style or characteristics of a particular work, genre, or individual in a humorous or satirical way, often to comment on or critique the original work or subject matter. People may present as parodies to create humour or make a point by exaggerating or altering elements of the original, while still maintaining recognizable elements.
The use of parody is not an indication of inauthentic or malicious behaviour; parody allows people to present ideas or criticisms in a comedic or exaggerated manner, softening the impact of sensitive or contentious topics. Because parody is often protected as a form of free speech or artistic expression, it provides a legal and social framework for discussing controversial issues.
However, parody personas may be perceived as authentic personas, leading to people mistakenly believing that a parody account’s statements represent the real opinions of a parodied target. Threat actors may also use the guise of parody to spread campaign content. Parody personas may disclaim that they are operating as a parody, however this is not always the case, and is not always given prominence.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097 Present Persona](../../generated_pages/techniques/T0097.md) | Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of parody. For example, an account presenting as a parody of a business could be documented using T0097.205: Business Persona and T0143.003: Parody Persona. |
+| [T0145.001 Copy Account Imagery](../../generated_pages/techniques/T0145.001.md) | Actors may take existing accounts’ profile pictures as part of their parody efforts. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0143.md b/generated_pages/techniques/T0143.md
index 2252f7f..608439c 100644
--- a/generated_pages/techniques/T0143.md
+++ b/generated_pages/techniques/T0143.md
@@ -2,13 +2,13 @@
**Summary**: This Technique contains sub-techniques which analysts can use to assert whether an account is presenting an authentic, fabricated, or parody persona:
T0143.001: Authentic Persona
T0143.002: Fabricated Persona
T0143.003: Impersonated Persona
T0143.004: Parody Persona
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0144.001.md b/generated_pages/techniques/T0144.001.md
index 4bf08f7..17c407a 100644
--- a/generated_pages/techniques/T0144.001.md
+++ b/generated_pages/techniques/T0144.001.md
@@ -2,13 +2,13 @@
**Summary**: This sub-technique covers situations where analysts have identified the same persona being presented across multiple platforms.
Having multiple accounts presenting the same persona is not an indicator of inauthentic behaviour; many people create accounts and present as themselves on multiple platforms. However, threat actors are known to present the same persona across multiple platforms, benefiting from an increase in perceived legitimacy.
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0144.002.md b/generated_pages/techniques/T0144.002.md
index 66ad045..dc58392 100644
--- a/generated_pages/techniques/T0144.002.md
+++ b/generated_pages/techniques/T0144.002.md
@@ -1,14 +1,15 @@
# Technique T0144.002: Persona Template
-**Summary**: Threat actors have been observed following a template when filling their accounts’ online profiles. This may be done to enable account holders to quickly present themselves as a real person with a targeted persona.
For example, an actor may be instructed to create many fabricated local accounts for use in an operation using a template of “[flag emojis], [location], [personal quote], [political party] supporter” in their account’s description.
Associated Techniques and Sub-techniques
T0143.002: Fabricated Persona: The use of a templated account biography in a collection of accounts may be an indicator that the personas have been fabricated.
+**Summary**: Threat actors have been observed following a template when filling their accounts’ online profiles. This may be done to enable account holders to quickly present themselves as a real person with a targeted persona.
For example, an actor may be instructed to create many fabricated local accounts for use in an operation using a template of “[flag emojis], [location], [personal quote], [political party] supporter” in their account’s description.
+
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0143.002 Fabricated Persona](../../generated_pages/techniques/T0143.002.md) | The use of a templated account biography in a collection of accounts may be an indicator that the personas have been fabricated. |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0144.md b/generated_pages/techniques/T0144.md
index 8df68a8..0783789 100644
--- a/generated_pages/techniques/T0144.md
+++ b/generated_pages/techniques/T0144.md
@@ -2,13 +2,13 @@
**Summary**: This Technique contains behaviours which might indicate whether a persona is legitimate, a fabrication, or a parody.
For example, the same persona being consistently presented across platforms is consistent with how authentic users behave on social media. However, threat actors have also displayed this behaviour as a way to increase the perceived legitimacy of their fabricated personas (aka “backstopping”).
+**Tactic**: TA16 Establish Legitimacy
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA16
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0145.001.md b/generated_pages/techniques/T0145.001.md
index 0b1d9d5..63b7787 100644
--- a/generated_pages/techniques/T0145.001.md
+++ b/generated_pages/techniques/T0145.001.md
@@ -1,14 +1,16 @@
# Technique T0145.001: Copy Account Imagery
-**Summary**: Account imagery copied from an existing account.
Analysts may use reverse image search tools to try to identify previous uses of account imagery (e.g. a profile picture) by other accounts.
Threat Actors have been known to copy existing accounts’ imagery to impersonate said accounts, or to provide imagery for unrelated accounts which aren’t intended to impersonate the original assets’ owner.
Associated Techniques and Sub-techniques
T0143.003: Impersonated Persona: Actors may copy existing accounts’ imagery in an attempt to impersonate them.
T0143.004: Parody Persona: Actors may copy existing accounts’ imagery as part of a parody of that account.
+**Summary**: Account imagery copied from an existing account.
Analysts may use reverse image search tools to try to identify previous uses of account imagery (e.g. a profile picture) by other accounts.
Threat Actors have been known to copy existing accounts’ imagery to impersonate said accounts, or to provide imagery for unrelated accounts which aren’t intended to impersonate the original assets’ owner.
+
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0143.003 Impersonated Persona](../../generated_pages/techniques/T0143.003.md) | Actors may copy existing accounts’ imagery in an attempt to impersonate them. |
+| [T0143.004 Parody Persona](../../generated_pages/techniques/T0143.004.md) | Actors may copy existing accounts’ imagery as part of a parody of that account. |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0145.002.md b/generated_pages/techniques/T0145.002.md
index 1cfa31c..c8e3006 100644
--- a/generated_pages/techniques/T0145.002.md
+++ b/generated_pages/techniques/T0145.002.md
@@ -1,14 +1,15 @@
# Technique T0145.002: AI-Generated Account Imagery
-**Summary**: AI Generated images used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived legitimacy. By using an AI-generated picture for this purpose, they are able to present themselves as a real person without compromising their own identity, or risking detection by taking a real person’s existing profile picture.
Associated Techniques and Sub-techniques
T0086.002: Develop AI-Generated Images (Deepfakes): Analysts should use this sub-technique to document use of AI generated imagery used to support narratives.
+**Summary**: AI Generated images used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived legitimacy. By using an AI-generated picture for this purpose, they are able to present themselves as a real person without compromising their own identity, or risking detection by taking a real person’s existing profile picture.
+
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0086.002 Develop AI-Generated Images (Deepfakes)](../../generated_pages/techniques/T0086.002.md) | Analysts should use this sub-technique to document use of AI generated imagery used to support narratives. |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0145.003.md b/generated_pages/techniques/T0145.003.md
index fd65db6..000c1aa 100644
--- a/generated_pages/techniques/T0145.003.md
+++ b/generated_pages/techniques/T0145.003.md
@@ -2,13 +2,13 @@
**Summary**: Animal used in account imagery.
An influence operation might flesh out its account by uploading a profile picture, increasing its perceived authenticity.
People sometimes legitimately use images of animals as their profile pictures (e.g. of their pets), and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0145.004.md b/generated_pages/techniques/T0145.004.md
index eb026a7..13bdc34 100644
--- a/generated_pages/techniques/T0145.004.md
+++ b/generated_pages/techniques/T0145.004.md
@@ -2,13 +2,13 @@
**Summary**: Scenery or nature used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
People sometimes legitimately use images of scenery as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0145.005.md b/generated_pages/techniques/T0145.005.md
index 76c173f..ffaef9a 100644
--- a/generated_pages/techniques/T0145.005.md
+++ b/generated_pages/techniques/T0145.005.md
@@ -2,13 +2,13 @@
**Summary**: A cartoon/illustrated/anime character used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
People sometimes legitimately use images of illustrated characters as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0145.006.md b/generated_pages/techniques/T0145.006.md
index 8408045..17fc530 100644
--- a/generated_pages/techniques/T0145.006.md
+++ b/generated_pages/techniques/T0145.006.md
@@ -1,14 +1,16 @@
# Technique T0145.006: Attractive Person Account Imagery
-**Summary**: Attractive person used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
Pictures of physically attractive people can benefit threat actors by increasing attention given to their posts.
People sometimes legitimately use images of attractive people as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.
Associated Techniques and Sub-techniques
T0097.109: Romantic Suitor Persona: Accounts presenting as a romantic suitor may use an attractive person in their account imagery.
T0151.017: Dating Platform: Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform.
+**Summary**: Attractive person used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
Pictures of physically attractive people can benefit threat actors by increasing attention given to their posts.
People sometimes legitimately use images of attractive people as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.
+
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+| Associated Technique | Description |
| --------- | ------------------------- |
+| [T0097.109 Romantic Suitor Persona](../../generated_pages/techniques/T0097.109.md) | Accounts presenting as a romantic suitor may use an attractive person in their account imagery. |
+| [T0151.017 Dating Platform](../../generated_pages/techniques/T0151.017.md) | Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform. |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0145.007.md b/generated_pages/techniques/T0145.007.md
index 46a06cb..26d7261 100644
--- a/generated_pages/techniques/T0145.007.md
+++ b/generated_pages/techniques/T0145.007.md
@@ -2,13 +2,13 @@
**Summary**: Stock images used in account imagery.
Stock image websites produce photos of people in various situations. Threat Actors can purchase or appropriate these images for use in their account imagery, increasing perceived legitimacy while avoiding the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
Stock images tend to include physically attractive people, and this can benefit threat actors by increasing attention given to their posts.
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0145.md b/generated_pages/techniques/T0145.md
index 04e1cc5..5735efc 100644
--- a/generated_pages/techniques/T0145.md
+++ b/generated_pages/techniques/T0145.md
@@ -2,13 +2,13 @@
**Summary**: Introduce visual elements to an account where a platform allows this functionality (e.g. a profile picture, a cover photo, etc).
Threat Actors who don’t want to use pictures of themselves in their social media accounts may use alternate imagery to make their account appear more legitimate.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0146.001.md b/generated_pages/techniques/T0146.001.md
index d7828e5..2fa3740 100644
--- a/generated_pages/techniques/T0146.001.md
+++ b/generated_pages/techniques/T0146.001.md
@@ -2,13 +2,13 @@
**Summary**: Many online platforms allow users to create free accounts on their platform. A Free Account is an Account which does not require payment at account creation and is not subscribed to paid platform features.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0146.002.md b/generated_pages/techniques/T0146.002.md
index 4203548..447e0f6 100644
--- a/generated_pages/techniques/T0146.002.md
+++ b/generated_pages/techniques/T0146.002.md
@@ -2,13 +2,13 @@
**Summary**: Some online platforms afford accounts extra features, or other benefits, if the user pays a fee. For example, as of September 2024, content posted by a Paid Account on X (previously Twitter) is prioritised in the platform’s algorithm.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0146.003.md b/generated_pages/techniques/T0146.003.md
index f40e961..11614c3 100644
--- a/generated_pages/techniques/T0146.003.md
+++ b/generated_pages/techniques/T0146.003.md
@@ -2,13 +2,13 @@
**Summary**: Some online platforms apply badges of verification to accounts which meet certain criteria.
On some platforms (such as dating apps) a verification badge signifies that the account has passed the platform’s identity verification checks. On some platforms (such as X (previously Twitter)) a verification badge signifies that an account has paid for the platform’s service.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0146.004.md b/generated_pages/techniques/T0146.004.md
index 2b0a1d9..f5708a3 100644
--- a/generated_pages/techniques/T0146.004.md
+++ b/generated_pages/techniques/T0146.004.md
@@ -2,13 +2,13 @@
**Summary**: Some accounts will have special privileges / will be in control of the Digital Community Hosting Asset; for example, the Admin of a Facebook Page, a Moderator of a Subreddit, etc. etc.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0146.005.md b/generated_pages/techniques/T0146.005.md
index fd4a0f5..e364eb2 100644
--- a/generated_pages/techniques/T0146.005.md
+++ b/generated_pages/techniques/T0146.005.md
@@ -2,13 +2,13 @@
**Summary**: Many platforms which host online communities require creation of a username (or another unique identifier) when an Account is created.
Sometimes people create usernames which are visually similar to other existing accounts’ usernames. While this is not necessarily an indicator of malicious behaviour, actors can create Lookalike Account IDs to support Impersonations or Parody.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0146.006.md b/generated_pages/techniques/T0146.006.md
index c3556bb..0a19c03 100644
--- a/generated_pages/techniques/T0146.006.md
+++ b/generated_pages/techniques/T0146.006.md
@@ -2,13 +2,13 @@
**Summary**: Some online platforms allow users to take advantage of the platform’s features without creating an account. Examples include the Paste Platform Pastebin, and the Image Board Platforms 4chan and 8chan.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0146.007.md b/generated_pages/techniques/T0146.007.md
index 539036a..5f4786a 100644
--- a/generated_pages/techniques/T0146.007.md
+++ b/generated_pages/techniques/T0146.007.md
@@ -2,13 +2,13 @@
**Summary**: An Automated Account is an account which is displaying automated behaviour, such as republishing or liking other accounts’ content, or publishing their own content.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0146.md b/generated_pages/techniques/T0146.md
index 9c08784..0c8d694 100644
--- a/generated_pages/techniques/T0146.md
+++ b/generated_pages/techniques/T0146.md
@@ -2,13 +2,13 @@
**Summary**: An Account is a user-specific profile that allows access to the features and services of an online platform, typically requiring a username and password for authentication.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0147.001.md b/generated_pages/techniques/T0147.001.md
index 4551f58..6b50ce9 100644
--- a/generated_pages/techniques/T0147.001.md
+++ b/generated_pages/techniques/T0147.001.md
@@ -2,13 +2,13 @@
**Summary**: A Game is Software which has been designed for interactive entertainment, where users take on challenges set by the game’s designers.
While Online Game Platforms allow people to play with each other, Games are designed for single player experiences.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0147.002.md b/generated_pages/techniques/T0147.002.md
index 7bac1bd..aded486 100644
--- a/generated_pages/techniques/T0147.002.md
+++ b/generated_pages/techniques/T0147.002.md
@@ -2,13 +2,13 @@
**Summary**: A Game Mod is a modification which can be applied to a Game or Multiplayer Online Game to add new content or functionality to the game.
Users can Modify Games to introduce new content to the game. Modified Games can be distributed on Software Delivery Platforms such as Steam or can be distributed within the Game or Multiplayer Online Game.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0147.003.md b/generated_pages/techniques/T0147.003.md
index ee37235..1de0c2f 100644
--- a/generated_pages/techniques/T0147.003.md
+++ b/generated_pages/techniques/T0147.003.md
@@ -2,13 +2,13 @@
**Summary**: Malware is Software which has been designed to cause harm or facilitate malicious behaviour on electronic devices.
DISARM recommends using the [MITRE ATT&CK Framework](https://attack.mitre.org/) to document malware types and their usage.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0147.004.md b/generated_pages/techniques/T0147.004.md
index 9de4a78..6d634f9 100644
--- a/generated_pages/techniques/T0147.004.md
+++ b/generated_pages/techniques/T0147.004.md
@@ -2,13 +2,13 @@
**Summary**: A Mobile App is an application which has been designed to run on mobile operating systems, such as Android or iOS.
Mobile Apps can enable access to online platforms (e.g. Facebook’s mobile app) or can provide software which users can run offline on their device.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0147.md b/generated_pages/techniques/T0147.md
index 53037c6..d1d6983 100644
--- a/generated_pages/techniques/T0147.md
+++ b/generated_pages/techniques/T0147.md
@@ -2,13 +2,13 @@
**Summary**: A Software is a program developed to run on computers or devices that helps users achieve specific goals, such as improving productivity, automating tasks, or having fun.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.001.md b/generated_pages/techniques/T0148.001.md
index 4c4711b..8037592 100644
--- a/generated_pages/techniques/T0148.001.md
+++ b/generated_pages/techniques/T0148.001.md
@@ -2,13 +2,13 @@
**Summary**: Online Banking Platforms are spaces provided by banks for their customers to manage their Bank Account online.
The Online Banking Platforms available differ by country. In the United Kingdom, examples of banking institutions which provide Online Banking Platforms include Lloyds, Barclays, and Monzo. In the United States, examples include Citibank, Chase, and Capital One.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.002.md b/generated_pages/techniques/T0148.002.md
index e099100..5676614 100644
--- a/generated_pages/techniques/T0148.002.md
+++ b/generated_pages/techniques/T0148.002.md
@@ -2,13 +2,13 @@
**Summary**: A Bank Account is a financial account that allows individuals or organisations to store, manage, and access their money, typically for saving, spending, or investment purposes.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.003.md b/generated_pages/techniques/T0148.003.md
index a79c73e..cceebd4 100644
--- a/generated_pages/techniques/T0148.003.md
+++ b/generated_pages/techniques/T0148.003.md
@@ -2,13 +2,13 @@
**Summary**: Stripe, Paypal, and Apple Pay, Chargebee, Recurly and Zuora are examples of Payment Processing Platforms.
Payment Processing Platforms produce programs providing Payment Processing or Subscription Processing capabilities which actors can use to set up online storefronts, or to take donations.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.004.md b/generated_pages/techniques/T0148.004.md
index 918ab41..30a3443 100644
--- a/generated_pages/techniques/T0148.004.md
+++ b/generated_pages/techniques/T0148.004.md
@@ -2,13 +2,13 @@
**Summary**: A Payment Processing Capability is a feature of online platforms or software which enables the processing of one-off payments (e.g. an online checkout, or donation processing page).
Payment Processing Capabilities can enable platform users to purchase products or services or can facilitate donations to a given cause.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.005.md b/generated_pages/techniques/T0148.005.md
index fae46af..991b60f 100644
--- a/generated_pages/techniques/T0148.005.md
+++ b/generated_pages/techniques/T0148.005.md
@@ -2,13 +2,13 @@
**Summary**: A Subscription Processing Capability is a feature of online platforms or software which enables the processing of recurring payments.
Subscription Processing Capabilities are typically used to enable recurring payments in exchange for continued access to products or services.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.006.md b/generated_pages/techniques/T0148.006.md
index 005c09f..f6d5358 100644
--- a/generated_pages/techniques/T0148.006.md
+++ b/generated_pages/techniques/T0148.006.md
@@ -2,13 +2,13 @@
**Summary**: Kickstarter and GoFundMe are examples of Crowdfunding Platforms.
Crowdfunding Platforms enable users with Accounts to create projects for other platform users to finance, usually in exchange for access to fruits of the project.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.007.md b/generated_pages/techniques/T0148.007.md
index b2229d7..4d94c67 100644
--- a/generated_pages/techniques/T0148.007.md
+++ b/generated_pages/techniques/T0148.007.md
@@ -2,13 +2,13 @@
**Summary**: Amazon, eBay and Etsy are examples of eCommerce Platforms.
eCommerce Platforms enable users with Accounts to create online storefronts from which other platform users can purchase goods or services.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.008.md b/generated_pages/techniques/T0148.008.md
index e410b55..72efa81 100644
--- a/generated_pages/techniques/T0148.008.md
+++ b/generated_pages/techniques/T0148.008.md
@@ -2,13 +2,13 @@
**Summary**: Coinbase and Kraken are examples of Cryptocurrency Exchange Platforms.
Cryptocurrency Exchange Platforms provide users a digital marketplace where they can buy, sell, and trade cryptocurrencies, such as Bitcoin or Ethereum.
Some Cryptocurrency Exchange Platforms allow users to create a Cryptocurrency Wallet.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.009.md b/generated_pages/techniques/T0148.009.md
index 8811e37..f88b8e2 100644
--- a/generated_pages/techniques/T0148.009.md
+++ b/generated_pages/techniques/T0148.009.md
@@ -2,13 +2,13 @@
**Summary**: A Cryptocurrency Wallet is a digital tool that allows users to store, send, and receive cryptocurrencies. It manages private and public keys, enabling secure access to a user's crypto assets.
An influence operation might use cryptocurrency to conceal that they are conducting operational activities, building assets, or sponsoring aligning entities.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0148.md b/generated_pages/techniques/T0148.md
index 9f164e5..2507086 100644
--- a/generated_pages/techniques/T0148.md
+++ b/generated_pages/techniques/T0148.md
@@ -2,13 +2,13 @@
**Summary**: A Financial Instrument is a platform or software that facilitates the sending, receiving, and management of money, enabling financial transactions between users or organisations.
Threat actors can deploy financial instruments legitimately to manage their own finances or illegitimately to support fraud schemes.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.001.md b/generated_pages/techniques/T0149.001.md
index 8655b23..6733245 100644
--- a/generated_pages/techniques/T0149.001.md
+++ b/generated_pages/techniques/T0149.001.md
@@ -2,13 +2,13 @@
**Summary**: A Domain is a web address (such as “google[.]com”), used to navigate to Websites on the internet.
Domains differ from Websites in that Websites are considered to be developed web pages which host content, whereas Domains do not necessarily host public-facing web content.
A threat actor may register a new domain to bypass the old domain being blocked.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.002.md b/generated_pages/techniques/T0149.002.md
index 5f82552..0c9298f 100644
--- a/generated_pages/techniques/T0149.002.md
+++ b/generated_pages/techniques/T0149.002.md
@@ -2,13 +2,13 @@
**Summary**: An Email Domain is a Domain (such as “meta[.]com”) which has the ability to send emails (e.g. from an @meta[.]com address).
Any Domain which has an MX (Mail Exchange) record and configured SMTP (Simple Mail Transfer Protocol) settings can send and receive emails, and is therefore an Email Domain.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.003.md b/generated_pages/techniques/T0149.003.md
index 6d3879f..0a89f1d 100644
--- a/generated_pages/techniques/T0149.003.md
+++ b/generated_pages/techniques/T0149.003.md
@@ -2,13 +2,13 @@
**Summary**: A Lookalike Domain is a Domain which is visually similar to another Domain, with the potential for web users to mistake one domain for the other.
Threat actors who want to impersonate organisations’ websites have been observed using a variety of domain impersonation methods. For example, actors wanting to create a domain impersonating netflix.com may use methods such as typosquatting (e.g. n3tflix.com), combosquatting (e.g. netflix-billing.com), or TLD swapping (e.g. netflix.top).
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.004.md b/generated_pages/techniques/T0149.004.md
index 013c522..55bc2b7 100644
--- a/generated_pages/techniques/T0149.004.md
+++ b/generated_pages/techniques/T0149.004.md
@@ -2,13 +2,13 @@
**Summary**: A Redirecting Domain is a Domain which has been configured to redirect users to another Domain when visited.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.005.md b/generated_pages/techniques/T0149.005.md
index 9f82d1a..ad94ac0 100644
--- a/generated_pages/techniques/T0149.005.md
+++ b/generated_pages/techniques/T0149.005.md
@@ -2,13 +2,13 @@
**Summary**: A Server is a computer which provides resources, services, or data to other computers over a network. There are different types of servers, such as web servers (which serve web pages and applications to users), database servers (which manage and provide access to databases), and file servers (which store and share files across a network).
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.006.md b/generated_pages/techniques/T0149.006.md
index 84aac42..59ba086 100644
--- a/generated_pages/techniques/T0149.006.md
+++ b/generated_pages/techniques/T0149.006.md
@@ -2,13 +2,13 @@
**Summary**: An IP Address is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. IP addresses are commonly a part of any online infrastructure.
IP addresses can be in IPV4 dotted decimal (x.x.x.x) or IPV6 colon-separated hexadecimal (y:y:y:y:y:y:y:y) formats.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.007.md b/generated_pages/techniques/T0149.007.md
index 8c2a570..469a792 100644
--- a/generated_pages/techniques/T0149.007.md
+++ b/generated_pages/techniques/T0149.007.md
@@ -2,13 +2,13 @@
**Summary**: A VPN (Virtual Private Network) is a service which creates secure, encrypted connections over the internet, allowing users to transmit data safely and access network resources remotely. It masks IP Addresses, enhancing privacy and security by preventing unauthorised access and tracking. VPNs are commonly used for protecting sensitive information, bypassing geographic restrictions, and maintaining online anonymity.
VPNs can also allow a threat actor to pose as if they are located in one country while in reality being based in another. By doing so, they can try to either mis-attribute their activities to another actor or better hide their own identity.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.008.md b/generated_pages/techniques/T0149.008.md
index d284bf9..a5058e2 100644
--- a/generated_pages/techniques/T0149.008.md
+++ b/generated_pages/techniques/T0149.008.md
@@ -2,13 +2,13 @@
**Summary**: A Proxy IP Address allows a threat actor to mask their real IP Address by putting a layer between them and the online content they’re connecting with.
Proxy IP Addresses can hide the connection between the threat actor and their online infrastructure.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.009.md b/generated_pages/techniques/T0149.009.md
index e5f4e77..8b1f3ed 100644
--- a/generated_pages/techniques/T0149.009.md
+++ b/generated_pages/techniques/T0149.009.md
@@ -2,13 +2,13 @@
**Summary**: An Internet Connected Physical Asset (sometimes referred to as IoT (Internet of Things)) is a physical asset which has internet connectivity to support online features, such as digital signage, wireless printers, and smart TVs.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0149.md b/generated_pages/techniques/T0149.md
index 7b98f86..2a8902d 100644
--- a/generated_pages/techniques/T0149.md
+++ b/generated_pages/techniques/T0149.md
@@ -2,13 +2,13 @@
**Summary**: Online Infrastructure consists of technical assets which enable online activity, such as domains, servers, and IP addresses.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0150.001.md b/generated_pages/techniques/T0150.001.md
index 0edaf25..6469aa0 100644
--- a/generated_pages/techniques/T0150.001.md
+++ b/generated_pages/techniques/T0150.001.md
@@ -2,13 +2,13 @@
**Summary**: A Newly Created Asset is an asset which has been created and used for the first time in a documented potential incident.
For example, analysts which can identify a recent creation date of Accounts participating in the spread of a new narrative can assert these are Newly Created Assets.
Analysts should use Dormant if the asset was created and laid dormant for an extended period of time before activity.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0150.002.md b/generated_pages/techniques/T0150.002.md
index 866017d..e9e2a42 100644
--- a/generated_pages/techniques/T0150.002.md
+++ b/generated_pages/techniques/T0150.002.md
@@ -2,13 +2,13 @@
**Summary**: A Dormant Asset is an asset which was inactive for an extended period before being used in a documented potential incident.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0150.003.md b/generated_pages/techniques/T0150.003.md
index ff17fd1..2c90dd5 100644
--- a/generated_pages/techniques/T0150.003.md
+++ b/generated_pages/techniques/T0150.003.md
@@ -2,13 +2,13 @@
**Summary**: Pre-Existing Assets are assets which existed before the observed incident which have not been Repurposed; i.e. they are still being used for their original purpose.
An example could be an Account which presented itself with a Journalist Persona prior to and during the observed potential incident.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0150.004.md b/generated_pages/techniques/T0150.004.md
index 30916ce..4ad7d34 100644
--- a/generated_pages/techniques/T0150.004.md
+++ b/generated_pages/techniques/T0150.004.md
@@ -2,13 +2,13 @@
**Summary**: Repurposed Assets are assets which have been identified as being used previously, but are now being used for different purposes, or have new Presented Personas.
Actors have been documented compromising assets, and then repurposing them to present Inauthentic Personas as part of their operations.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0150.005.md b/generated_pages/techniques/T0150.005.md
index 4f4ee48..6cf77d7 100644
--- a/generated_pages/techniques/T0150.005.md
+++ b/generated_pages/techniques/T0150.005.md
@@ -2,13 +2,13 @@
**Summary**: A Compromised Asset is an asset which was originally created or belonged to another person or organisation, but which an actor has gained access to without their consent.
See also MITRE ATT&CK T1708: Valid Accounts.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0150.006.md b/generated_pages/techniques/T0150.006.md
index b8175e4..27018ec 100644
--- a/generated_pages/techniques/T0150.006.md
+++ b/generated_pages/techniques/T0150.006.md
@@ -2,13 +2,13 @@
**Summary**: A Purchased Asset is an asset which actors paid for the ownership of.
For example, threat actors have been observed selling compromised social media accounts on dark web marketplaces, which can be used to disguise operation activity.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0150.007.md b/generated_pages/techniques/T0150.007.md
index 2f920a3..ffc455a 100644
--- a/generated_pages/techniques/T0150.007.md
+++ b/generated_pages/techniques/T0150.007.md
@@ -2,13 +2,13 @@
**Summary**: A Rented Asset is an asset which actors are temporarily renting or subscribing to.
For example, threat actors have been observed renting temporary access to legitimate accounts on online platforms in order to disguise operation activity.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0150.008.md b/generated_pages/techniques/T0150.008.md
index 757a93a..b1a6b38 100644
--- a/generated_pages/techniques/T0150.008.md
+++ b/generated_pages/techniques/T0150.008.md
@@ -2,13 +2,13 @@
**Summary**: A Bulk Created Asset is an asset which was created alongside many other instances of the same asset.
Actors have been observed bulk creating Accounts on Social Media Platforms such as Facebook. Indicators of bulk asset creation include its creation date, assets’ naming conventions, their configuration (e.g. templated personas, visually similar profile pictures), or their activity (e.g. post timings, narratives posted).
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0150.md b/generated_pages/techniques/T0150.md
index c6c24ab..fa47f11 100644
--- a/generated_pages/techniques/T0150.md
+++ b/generated_pages/techniques/T0150.md
@@ -2,13 +2,13 @@
**Summary**: Asset Origin contains a list of ways that an actor can obtain an asset. For example, they can create new accounts on online platforms, or they can compromise existing accounts or websites.
+**Tactic**: TA15 Establish Assets
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA15
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.001.md b/generated_pages/techniques/T0151.001.md
index 510d39e..26f1fba 100644
--- a/generated_pages/techniques/T0151.001.md
+++ b/generated_pages/techniques/T0151.001.md
@@ -2,13 +2,13 @@
**Summary**: Examples of popular Social Media Platforms include Facebook, Instagram, and VK.
Social Media Platforms allow users to create Accounts, which they can configure to present themselves to other platform users. This typically involves Establishing Account Imagery and Presenting a Persona.
Social Media Platforms typically allow the creation of Online Community Groups and Online Community Pages.
Accounts on Social Media Platforms are typically presented with a feed of content posted to the platform. The content that populates this feed can be aggregated by the platform’s proprietary Content Recommendation Algorithm, or users can “friend” or “follow” other accounts to add their posts to their feed.
Many Social Media Platforms also allow users to send direct messages to other users on the platform.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.002.md b/generated_pages/techniques/T0151.002.md
index c06e466..fd0bd55 100644
--- a/generated_pages/techniques/T0151.002.md
+++ b/generated_pages/techniques/T0151.002.md
@@ -2,13 +2,13 @@
**Summary**: Some online platforms allow people with Accounts to create Online Community Groups. Groups are usually created around a specific topic or locality, and allow users to post content to the group, and interact with other users’ posted content.
For example, Meta’s Social Media Platform Facebook allows users to create a “Facebook group”. This feature is not exclusive to Social Media Platforms; the Microblogging Platform X (prev. Twitter) allows users to create “X Communities”, groups based on particular topics which users can join and post to; the Software Delivery Platform Steam allows users to create Steam Community Groups.
Online Community Groups can be open or gated (for example, groups can require admin approval before users can join).
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.003.md b/generated_pages/techniques/T0151.003.md
index 2c93cc2..e87a244 100644
--- a/generated_pages/techniques/T0151.003.md
+++ b/generated_pages/techniques/T0151.003.md
@@ -2,13 +2,13 @@
**Summary**: A Facebook Page is an example of an Online Community Page.
Online Community Pages allow Administrator Accounts to post content to the page, which other users can interact with. Pages can be followed or liked by other users - but these users can’t initiate new posts to the page.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.004.md b/generated_pages/techniques/T0151.004.md
index bc91d2b..624bf9c 100644
--- a/generated_pages/techniques/T0151.004.md
+++ b/generated_pages/techniques/T0151.004.md
@@ -2,13 +2,13 @@
**Summary**: Examples of popular Chat Platforms include WhatsApp, WeChat, Telegram, and Signal; Slack, Mattermost, and Discord; Zoom, GoTo Meeting, and WebEx.
Chat Platforms allow users to engage in text, audio, or video chats with other platform users.
Different Chat Platforms afford users different capabilities. Examples include Direct Messaging, Chat Rooms, Chat Broadcast Channels, and Chat Community Servers.
Some Chat Platforms enable encrypted communication between platform users.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.005.md b/generated_pages/techniques/T0151.005.md
index 9e0dcbf..a0ce8d0 100644
--- a/generated_pages/techniques/T0151.005.md
+++ b/generated_pages/techniques/T0151.005.md
@@ -2,13 +2,13 @@
**Summary**: Chat Platforms such as Discord, Slack, and Microsoft Teams allow users to create their own Chat Community Servers, which they can invite other platform users to join.
Chat Community Servers are online communities made up of Chat Rooms (or “Channels”) in which users can discuss the given group’s topic. Groups can either be public (shown in the server’s browsable list of channels, available for any member to view and join) or Gated (users must be added to the chat group by existing members to participate).
Some Chat Community Servers allow users to create Chat Broadcast Groups, in which only specific members (e.g. server administrators) of the chat are able to post new content to the group.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.006.md b/generated_pages/techniques/T0151.006.md
index 085fef9..cabaa34 100644
--- a/generated_pages/techniques/T0151.006.md
+++ b/generated_pages/techniques/T0151.006.md
@@ -2,13 +2,13 @@
**Summary**: Many platforms which enable community interaction allow users to create Chat Rooms; a room in which members of the group can talk to each other via text, audio, or video.
Most Chat Rooms are Gated; users must be added to the chat group before they can post to the chat group, or view its content. For example, on WhatsApp a user can create a Chat Room containing other WhatsApp users whose contact information they have. At this point the user who created the Chat Room has an Administrator Account; they are uniquely able to add other users to the Chat Room.
However, Chat Rooms made on Chat Community Servers such as Discord can be Gated or open. If left open, anyone on the server can view the Chat Room (“channel”), read its contents, and choose to join it.
Examples of Platforms which allow creation of Chat Rooms include:
Instagram, Facebook, X (prev. Twitter) (Group Direct Messaging)
Whatsapp, Telegram, WeChat, Signal (Group Chats)
Discord, Slack, Mattermost, Microsoft Teams (Channels)
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.007.md b/generated_pages/techniques/T0151.007.md
index d2e5b5c..dfd2b2d 100644
--- a/generated_pages/techniques/T0151.007.md
+++ b/generated_pages/techniques/T0151.007.md
@@ -2,13 +2,13 @@
**Summary**: A Chat Broadcast Group is a type of Chat Group in which only specific members can send content to the channel (typically administrators, or approved group members). Members of the channel may be able to react to content, or comment on it, but can’t directly push new content to the channel.
Examples include:
WhatsApp, Telegram, Discord: Chat Groups in which only admins are able to post new content.
X (prev. Twitter): Spaces (an audio discussion hosting feature) in which admins control who can speak at a given moment.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.008.md b/generated_pages/techniques/T0151.008.md
index 566bb80..01a6af4 100644
--- a/generated_pages/techniques/T0151.008.md
+++ b/generated_pages/techniques/T0151.008.md
@@ -2,13 +2,13 @@
**Summary**: Examples of Microblogging Platforms include TikTok, Threads, Bluesky, Mastodon, QQ, Tumblr, and X (formerly Twitter).
Microblogging Platforms allow users to create Accounts, which they can configure to present themselves to other platform users. This typically involves Establishing Account Imagery and Presenting a Persona.
Accounts on Microblogging Platforms are able to post short-form text content alongside media.
Content posted to the platforms is aggregated into different feeds and presented to the user. Typical feeds include content posted by other Accounts which the user follows, and content promoted by the platform’s proprietary Content Recommendation Algorithm. Users can also search or use hashtags to discover new content.
Mastodon is an open-source decentralised software which allows anyone to create their own Microblogging Platform that can communicate with other platforms within the “fediverse” (similar to how different email platforms can send emails to each other). Meta’s Threads is a Microblogging Platform which can interact with the fediverse.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.009.md b/generated_pages/techniques/T0151.009.md
index 7dd182a..4d4fc34 100644
--- a/generated_pages/techniques/T0151.009.md
+++ b/generated_pages/techniques/T0151.009.md
@@ -2,13 +2,13 @@
**Summary**: Examples of Legacy Online Forum Platforms include Something Awful (SA Forums), Ars Technica forums, and NeoGAF, and the forums available on the Mumsnet and War Thunder websites.
Legacy Online Forum Platforms are a type of message board (using software such as vBulletin or phpBB) popular in the early 2000s for online communities. They are often used to provide spaces for a community to exist around a given website or topic.
Legacy Online Forum Platforms allow users to create Accounts to join in discussion threads posted to any number of Forums and Sub-Forums on the platform. Forums and Sub-Forums can be Gated, allowing access to approved users only. They can vary in size. Some are larger platforms that host a wider set of topics and communities while others are smaller in scope and size.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.010.md b/generated_pages/techniques/T0151.010.md
index 7c75f4d..c0ee61d 100644
--- a/generated_pages/techniques/T0151.010.md
+++ b/generated_pages/techniques/T0151.010.md
@@ -2,13 +2,13 @@
**Summary**: Reddit, Lemmy and Tildes are examples of Community Forum Platforms.
Community Forum Platforms are exemplified by users’ ability to create their own sub-communities (Community Sub-Forums) which other platform users can join.
Platform users can view aggregated content from all Community Sub-Forums they subscribe to, or they can view all content from a particular Community Sub-Forum.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.011.md b/generated_pages/techniques/T0151.011.md
index bf54c18..bb8c959 100644
--- a/generated_pages/techniques/T0151.011.md
+++ b/generated_pages/techniques/T0151.011.md
@@ -2,13 +2,13 @@
**Summary**: Community Forum Platforms are made up of many Community Sub-Forums. Sub-Forums provide spaces for platform users to create a community based around any topic.
For example, Reddit (a popular Community Forum Platform) has over 138,000 “subreddits” (Community Sub-Forums), including 1082 unique cat-based communities.
Typically, Sub-Forums allow users post text, image, or video to them, and other platform users can up/downvote, or comment on it. Sub-forums may have their own extra rules alongside the platform’s global rules, enforced by community moderators.
While most Sub-Forums are made by users with Accounts on the Community Forum Platform, Sub-Forums can also be created by the platform itself.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.012.md b/generated_pages/techniques/T0151.012.md
index 485ef65..a07e687 100644
--- a/generated_pages/techniques/T0151.012.md
+++ b/generated_pages/techniques/T0151.012.md
@@ -2,13 +2,13 @@
**Summary**: 4chan and 8chan are examples of Image Board Platforms.
Image Board Platforms provide individual boards on which users can start threads related to the board’s topic. For example, 4chan’s /pol/ board provides a space for users to talk about politics.
Most Image Board Platforms allow users to post without creating an account. Posts are typically made anonymously, although users can choose to post under a pseudonym.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.013.md b/generated_pages/techniques/T0151.013.md
index b1b9b08..d7445ba 100644
--- a/generated_pages/techniques/T0151.013.md
+++ b/generated_pages/techniques/T0151.013.md
@@ -2,13 +2,13 @@
**Summary**: Quora, Stack Overflow, and Yahoo Answers are examples of Question and Answer Platforms.
Question and Answer Platforms allow users to create Accounts letting them post questions to the platform community, and respond to other platform users’ questions.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.014.md b/generated_pages/techniques/T0151.014.md
index 11d6a64..13d5d9e 100644
--- a/generated_pages/techniques/T0151.014.md
+++ b/generated_pages/techniques/T0151.014.md
@@ -2,13 +2,13 @@
**Summary**: Many platforms enable community interaction via Comments Sections on posted content. Comments Sections allow platform users to comment on content posted by other users.
On some platforms Comments Sections are the only place available for community interaction, such as news websites which provide a Comments Section to discuss articles posted to the website.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.015.md b/generated_pages/techniques/T0151.015.md
index 9b9c8b7..d648442 100644
--- a/generated_pages/techniques/T0151.015.md
+++ b/generated_pages/techniques/T0151.015.md
@@ -2,13 +2,13 @@
**Summary**: Roblox, Minecraft, Fortnite, League of Legends, and World of Warcraft are examples of Online Game Platforms.
Online Game Platforms allow users to create Accounts which they can use to access Online Game Sessions; i.e. an individual instance of a multiplayer online game.
Many Online Game Platforms support text or voice chat within Online Game Sessions.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.016.md b/generated_pages/techniques/T0151.016.md
index ba146b8..92e795f 100644
--- a/generated_pages/techniques/T0151.016.md
+++ b/generated_pages/techniques/T0151.016.md
@@ -2,13 +2,13 @@
**Summary**: Online Game Sessions are instances of a game played on an Online Game Platform. Examples of Online Game Sessions include a match in Fortnite or League of Legends, or a server in Minecraft, Fortnite, or World of Warcraft.
Some Online Game Platforms (such as Fortnite, League of Legends, and World of Warcraft) host Online Game Sessions on their own Servers, and don’t allow other actors to host Online Game Sessions.
Some Online Game Platforms (such as Roblox and Minecraft) allow users to host instances of Online Game Sessions on their own Servers.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.017.md b/generated_pages/techniques/T0151.017.md
index 7733c58..5c8c64b 100644
--- a/generated_pages/techniques/T0151.017.md
+++ b/generated_pages/techniques/T0151.017.md
@@ -2,13 +2,13 @@
**Summary**: Tinder, Bumble, Grindr, Tantan, Badoo, Plenty of Fish, hinge, LOVOO, OkCupid, happn, and Mamba are examples of Dating Platforms.
Dating Platforms allow users to create Accounts, letting them connect with other platform users with the purpose of developing a physical/romantic relationship.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0151.md b/generated_pages/techniques/T0151.md
index 3dee981..73c9331 100644
--- a/generated_pages/techniques/T0151.md
+++ b/generated_pages/techniques/T0151.md
@@ -2,13 +2,13 @@
**Summary**: A Digital Community Hosting Asset is an online asset which can be used by actors to provide spaces for users to interact with each other.
Sub-techniques categorised under Digital Community Hosting Assets can include Content Hosting and Content Delivery capabilities; however, their nominal primary purpose is to provide a space for community interaction.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.001.md b/generated_pages/techniques/T0152.001.md
index 064a567..8722d91 100644
--- a/generated_pages/techniques/T0152.001.md
+++ b/generated_pages/techniques/T0152.001.md
@@ -2,13 +2,13 @@
**Summary**: Medium and Substack are examples of Blogging Platforms.
By creating an Account on a Blogging Platform, people are able to create their own Blog.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.002.md b/generated_pages/techniques/T0152.002.md
index ec449b2..2e98829 100644
--- a/generated_pages/techniques/T0152.002.md
+++ b/generated_pages/techniques/T0152.002.md
@@ -2,13 +2,13 @@
**Summary**: Blogs are a collation of posts centred on a particular topic, author, or collection of authors.
Some platforms are designed to support users in hosting content online, such as Blogging Platforms like Substack which allow users to create Blogs, but other online platforms can also be used to produce a Blog; a Paid Account on X (prev Twitter) is able to post long-form text content to their timeline in a style of a blog.
Actors may create Accounts on Blogging Platforms to create a Blog, or make their own Blog on a Website.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.003.md b/generated_pages/techniques/T0152.003.md
index a768780..3cb77f6 100644
--- a/generated_pages/techniques/T0152.003.md
+++ b/generated_pages/techniques/T0152.003.md
@@ -2,13 +2,13 @@
**Summary**: Examples of Website Hosting Platforms include Wix, Webflow, Weebly, and Wordpress.
Website Hosting Platforms help users with managing online infrastructure required to host a website online; such as securing IP Addresses and Domains.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.004.md b/generated_pages/techniques/T0152.004.md
index 09a6843..5080c25 100644
--- a/generated_pages/techniques/T0152.004.md
+++ b/generated_pages/techniques/T0152.004.md
@@ -2,13 +2,13 @@
**Summary**: A Website is a collection of related web pages hosted on a server and accessible via a web browser. Websites have an associated Domain and can host various types of content, such as text, images, videos, and interactive features.
When a Website is fleshed out, it Presents a Persona to site visitors. For example, the Domain “bbc.co.uk/news” hosts a Website which uses the News Outlet Persona.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.005.md b/generated_pages/techniques/T0152.005.md
index 23db328..bb85bf3 100644
--- a/generated_pages/techniques/T0152.005.md
+++ b/generated_pages/techniques/T0152.005.md
@@ -2,13 +2,13 @@
**Summary**: Pastebin is an example of a Paste Platform.
Paste Platforms allow people to upload unformatted text to the platform, which they can share via a link. Some Paste Platforms are Open Access Platforms which allow users to upload content without creating an Account first.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.006.md b/generated_pages/techniques/T0152.006.md
index fd83b24..50a55a8 100644
--- a/generated_pages/techniques/T0152.006.md
+++ b/generated_pages/techniques/T0152.006.md
@@ -2,13 +2,13 @@
**Summary**: YouTube, Vimeo, and LiveLeak are examples of Video Platforms.
Video Platforms allow people to create Accounts which they can use to upload video content for people to watch on the platform.
The ability to host videos is not exclusive to Video Platforms; many online platforms allow users with Accounts to upload video content. However, Video Platforms’ primary purpose is to be a place to host and view video content.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.007.md b/generated_pages/techniques/T0152.007.md
index e3036c1..5d196d9 100644
--- a/generated_pages/techniques/T0152.007.md
+++ b/generated_pages/techniques/T0152.007.md
@@ -2,13 +2,13 @@
**Summary**: Soundcloud, Spotify, and YouTube Music; Apple Podcasts, Podbean, and Captivate are examples of Audio Platforms.
Audio Platforms allow people to create Accounts which they can use to upload audio content to the platform.
The ability to host audio is not exclusive to Audio Platforms; many online platforms allow users with Accounts to upload audio content. However, Audio Platforms’ primary purpose is to be a place to host and listen to audio content.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.008.md b/generated_pages/techniques/T0152.008.md
index 3117152..f7505ca 100644
--- a/generated_pages/techniques/T0152.008.md
+++ b/generated_pages/techniques/T0152.008.md
@@ -2,13 +2,13 @@
**Summary**: Twitch.tv and Whatnot are examples of Live Streaming Platforms.
Live Streaming Platforms allow people to create Accounts and stream live content (video or audio). A temporary open Group Chat is created alongside live streamed content for viewers to discuss the stream. Some Live Streaming Platforms allow users to archive streamed content for later non-live viewing.
The ability to stream live media is not exclusive to Live Streaming Platforms; many online platforms allow users with Accounts to stream content (such as the Video Platform YouTube’s “YouTube Live”, and the Social Media Platform Facebook’s “Facebook Live”). However, Live Streaming Platforms’ primary purpose is to be a place for people to stream content live.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.009.md b/generated_pages/techniques/T0152.009.md
index d7f57b0..02c2e2e 100644
--- a/generated_pages/techniques/T0152.009.md
+++ b/generated_pages/techniques/T0152.009.md
@@ -2,13 +2,13 @@
**Summary**: Apple’s App Store, Google’s Google Play Store, and Valve’s Steam are examples of Software Delivery Platforms.
Software Delivery Platforms are designed to enable users to download programmes uploaded to the platform. Software can be purchased, or downloaded for free.
Some Software Delivery Platforms require users to have an Account before they can download software, and software they acquire becomes associated with the account (i.e. the account owns a licence to download the software). Some platforms don’t require users to make accounts before downloading software.
Actors may create their own Software Delivery Platform on a Domain they own.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.010.md b/generated_pages/techniques/T0152.010.md
index cbd3fa7..e623a57 100644
--- a/generated_pages/techniques/T0152.010.md
+++ b/generated_pages/techniques/T0152.010.md
@@ -2,13 +2,13 @@
**Summary**: Dropbox and Google Drive are examples of File Hosting Platforms.
File Hosting Platforms allow people to create Accounts which they can use to host files on another server, enabling access to content on any machine, and the ability to easily share files with anyone online.
Actors may also create their own File Hosting Platform on a Website or Server they control.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.011.md b/generated_pages/techniques/T0152.011.md
index a1f2487..6c80eba 100644
--- a/generated_pages/techniques/T0152.011.md
+++ b/generated_pages/techniques/T0152.011.md
@@ -2,13 +2,13 @@
**Summary**: Wikipedia, Fandom, Ruwiki, TV Tropes, and the SCP Foundation are examples of Wiki Platforms.
Wikis use wiki software to allow platform users to collaboratively create and maintain an encyclopedia of information related to a given topic.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.012.md b/generated_pages/techniques/T0152.012.md
index b64cb1a..1b7c691 100644
--- a/generated_pages/techniques/T0152.012.md
+++ b/generated_pages/techniques/T0152.012.md
@@ -2,13 +2,13 @@
**Summary**: Patreon, Fansly, and OnlyFans are examples of Subscription Service Platforms.
Subscription Service Platforms enable users with Accounts to host online content to which other platform users can subscribe to access. Content typically requires Paid Subscription to access, however open content is often also supported.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0152.md b/generated_pages/techniques/T0152.md
index 069807f..988ce42 100644
--- a/generated_pages/techniques/T0152.md
+++ b/generated_pages/techniques/T0152.md
@@ -2,13 +2,13 @@
**Summary**: Digital Content Hosting Assets are online assets which are primarily designed to allow actors to upload content to the internet.
Sub-techniques categorised under Digital Content Hosting Assets can include Community Hosting and Content Delivery capabilities; however their nominal primary purpose is to host content online.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0153.001.md b/generated_pages/techniques/T0153.001.md
index 5f15aa1..b1ce667 100644
--- a/generated_pages/techniques/T0153.001.md
+++ b/generated_pages/techniques/T0153.001.md
@@ -2,13 +2,13 @@
**Summary**: Gmail, iCloud mail, and Microsoft Outlook are examples of Email Platforms.
Email Platforms are online platforms which allow people to create Accounts that they can use to send and receive emails to and from other email accounts.
Instead of using an Email Platform, actors may set up their own Email Domain, letting them send and receive emails on a custom domain.
Analysts should default to Email Platform if they cannot confirm whether an email was sent using a privately operated email, or via an account on a public email platform (for example, in situations where analysts are coding third party reporting which does not specify the type of email used).
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0153.002.md b/generated_pages/techniques/T0153.002.md
index 6bdc544..8109d4e 100644
--- a/generated_pages/techniques/T0153.002.md
+++ b/generated_pages/techniques/T0153.002.md
@@ -2,13 +2,13 @@
**Summary**: Bitly and TinyURL are examples of Link Shortening Platforms.
Link Shortening Platforms are online platforms which allow people to create Accounts that they can use to convert existing URLs into Shortened Links, or into QR Codes.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0153.003.md b/generated_pages/techniques/T0153.003.md
index b10698f..aefd178 100644
--- a/generated_pages/techniques/T0153.003.md
+++ b/generated_pages/techniques/T0153.003.md
@@ -2,13 +2,13 @@
**Summary**: A Shortened Link is a custom URL which is typically a shortened version of another URL.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0153.004.md b/generated_pages/techniques/T0153.004.md
index 5151ea3..99c375c 100644
--- a/generated_pages/techniques/T0153.004.md
+++ b/generated_pages/techniques/T0153.004.md
@@ -2,13 +2,13 @@
**Summary**: A QR Code allows people to use cameras on their smartphones to open a URL.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0153.005.md b/generated_pages/techniques/T0153.005.md
index 2ffea96..963b696 100644
--- a/generated_pages/techniques/T0153.005.md
+++ b/generated_pages/techniques/T0153.005.md
@@ -2,13 +2,13 @@
**Summary**: Google Ads, Facebook Ads, and LinkedIn Marketing Solutions are examples of Online Advertising Platforms.
Online Advertising Platforms are online platforms which allow people to create Accounts that they can use to upload and deliver adverts to people online.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0153.006.md b/generated_pages/techniques/T0153.006.md
index f82c31b..e3b02a3 100644
--- a/generated_pages/techniques/T0153.006.md
+++ b/generated_pages/techniques/T0153.006.md
@@ -2,13 +2,13 @@
**Summary**: Many online platforms have Content Recommendation Algorithms, which promote content posted to the platform to users based on metrics the platform operators are trying to meet. Algorithms typically surface platform content which the user is likely to engage with, based on how they and other users have behaved on the platform.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0153.007.md b/generated_pages/techniques/T0153.007.md
index 32cf0e7..c497d3a 100644
--- a/generated_pages/techniques/T0153.007.md
+++ b/generated_pages/techniques/T0153.007.md
@@ -2,13 +2,13 @@
**Summary**: Many online platforms allow users to contact other platform users via Direct Messaging; private messaging which can be initiated by a user with other platform users.
Examples include messaging on WhatsApp, Telegram, and Signal; direct messages (DMs) on Facebook or Instagram.
Some platforms’ Direct Messaging capabilities provide users with Encrypted Communication.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0153.md b/generated_pages/techniques/T0153.md
index 6732739..c5aaf26 100644
--- a/generated_pages/techniques/T0153.md
+++ b/generated_pages/techniques/T0153.md
@@ -2,13 +2,13 @@
**Summary**: Digital Content Delivery Assets are assets which support the delivery of content to users online.
Sub-techniques categorised under Digital Content Delivery Assets can include Community Hosting and Content Hosting capabilities; however their nominal primary purpose is to support the delivery of content to users online.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0154.001.md b/generated_pages/techniques/T0154.001.md
index 5957df3..a8454e7 100644
--- a/generated_pages/techniques/T0154.001.md
+++ b/generated_pages/techniques/T0154.001.md
@@ -2,13 +2,13 @@
**Summary**: OpenAI’s ChatGPT, Google’s Bard, Microsoft’s Turing-NLG, Google’s T5 (Text-to-Text Transfer Transformer), and Facebook’s BART are examples of AI LLM (Large Language Model) Platforms.
AI LLM Platforms are online platforms which allow people to create Accounts that they can use to interact with the platform’s AI Large Language Model, to produce text-based content.
LLMs can create hyper-realistic synthetic text that is both scalable and persuasive. LLMs can largely automate content production, reducing the overhead in persona creation, and generate culturally appropriate outputs that are less prone to exhibiting conspicuous signs of inauthenticity.
Some platforms implement protections against misuse of AI by their users. Threat Actors have been observed bypassing these protections using prompt injections, poisoning, jailbreaking, or integrity attacks.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0154.002.md b/generated_pages/techniques/T0154.002.md
index 035fe3e..125711e 100644
--- a/generated_pages/techniques/T0154.002.md
+++ b/generated_pages/techniques/T0154.002.md
@@ -2,13 +2,13 @@
**Summary**: AI Media Platforms are online platforms that allow people to create Accounts which they can use to produce image, video, or audio content (also known as “deepfakes”) using the platform’s AI Software.
Midjourney, DALL-E, Stable Diffusion, and Adobe Firefly are examples of AI Media Platforms which allow users to Develop AI-Generated Images, AI-Generated Videos and AI-Generated Account Imagery.
Similarly, Reface, Zao, FaceApp, and Wombo are mobile apps which offer features for creating AI-Generated videos, gifs, or trending memes.
AI-Generated Audio such as text-to-speech and voice cloning have revolutionised the creation of synthetic voices that closely mimic human speech. AI Media Platforms such as Descript, Fliki, Murf AI, PlayHT, and Resemble AI can be used to generate synthetic voice.
Some platforms implement protections against misuse of AI by their users. Threat Actors have been observed bypassing these protections using prompt injections, poisoning, jailbreaking, or integrity attacks.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0154.md b/generated_pages/techniques/T0154.md
index 58f7b64..333adbe 100644
--- a/generated_pages/techniques/T0154.md
+++ b/generated_pages/techniques/T0154.md
@@ -2,13 +2,13 @@
**Summary**: Digital Content Creation Assets are Platforms or Software which help actors produce content for publication online.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0155.001.md b/generated_pages/techniques/T0155.001.md
index f749d34..f348556 100644
--- a/generated_pages/techniques/T0155.001.md
+++ b/generated_pages/techniques/T0155.001.md
@@ -2,13 +2,13 @@
**Summary**: A Password Gated Asset is an online asset which requires a password to gain access.
Examples include password protected Servers set up to be a File Hosting Platform, or password protected Community Sub-Forums.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0155.002.md b/generated_pages/techniques/T0155.002.md
index 7c08347..2ddb69d 100644
--- a/generated_pages/techniques/T0155.002.md
+++ b/generated_pages/techniques/T0155.002.md
@@ -2,13 +2,13 @@
**Summary**: An Invite Gated Asset is an online asset which requires an existing user to invite other users for access to the asset.
Examples include Chat Groups in which Administrator Accounts are able to add or remove users, or File Hosting Platforms which allow users to invite other users to access their files.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0155.003.md b/generated_pages/techniques/T0155.003.md
index 0c21651..0664b9e 100644
--- a/generated_pages/techniques/T0155.003.md
+++ b/generated_pages/techniques/T0155.003.md
@@ -2,13 +2,13 @@
**Summary**: An Approval Gated Asset is an online asset which requires approval from Administrator Accounts for access to the asset.
Examples include Online Community Groups on Facebook, which can be configured to require questions and approval before access, and Accounts on Social Media Platforms such as Instagram, which allow users to set their accounts as visible to approved friends only.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0155.004.md b/generated_pages/techniques/T0155.004.md
index 0ca0db7..f4a5c79 100644
--- a/generated_pages/techniques/T0155.004.md
+++ b/generated_pages/techniques/T0155.004.md
@@ -2,13 +2,13 @@
**Summary**: A Geoblocked Asset is an online asset which cannot be accessed in specific geographical locations.
Assets can be Geoblocked by choice of the platform, or can have Geoblocking mandated by regulators, and enforced through Internet Service Providers.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0155.005.md b/generated_pages/techniques/T0155.005.md
index 99546ed..45e95ea 100644
--- a/generated_pages/techniques/T0155.005.md
+++ b/generated_pages/techniques/T0155.005.md
@@ -2,13 +2,13 @@
**Summary**: A Paid Access Asset is an online asset which requires a single payment for permanent access to the asset.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0155.006.md b/generated_pages/techniques/T0155.006.md
index 3eef6bb..5dde162 100644
--- a/generated_pages/techniques/T0155.006.md
+++ b/generated_pages/techniques/T0155.006.md
@@ -2,13 +2,13 @@
**Summary**: A Subscription Access Asset is an online asset which requires a continued subscription for access to the asset.
Examples include the Blogging Platform Substack, which affords Blogs hosted on their platform the ability to produce subscriber-only posts, and the Subscription Service Platform Patreon.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0155.007.md b/generated_pages/techniques/T0155.007.md
index 37a8109..474c71b 100644
--- a/generated_pages/techniques/T0155.007.md
+++ b/generated_pages/techniques/T0155.007.md
@@ -2,13 +2,13 @@
**Summary**: Some online platforms support encrypted communication between platform users, for example the Chat Platforms Telegram and Signal.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques/T0155.md b/generated_pages/techniques/T0155.md
index ad2f0e5..b648e4a 100644
--- a/generated_pages/techniques/T0155.md
+++ b/generated_pages/techniques/T0155.md
@@ -2,13 +2,13 @@
**Summary**: Some assets are Gated; closed communities or platforms which can’t be accessed openly. They may be password protected or require admin approval for entry. Many different digital assets can be gated. This technique contains sub-techniques with methods used to gate assets. Analysts can use T0155: Gated Asset if the method of gating is unclear.
+**Tactic**: TA07 Select Channels and Affordances
-| Associated Technique | When to use |
+
+| Associated Technique | Description |
| --------- | ------------------------- |
-**Belongs to tactic stage**: TA07
-
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
diff --git a/generated_pages/techniques_index.md b/generated_pages/techniques_index.md
index 0f6ff7d..3f208e9 100644
--- a/generated_pages/techniques_index.md
+++ b/generated_pages/techniques_index.md
@@ -820,19 +820,19 @@
T0097.102 |
Journalist Persona |
-A person with a journalist persona presents themselves as a reporter or journalist delivering news, conducting interviews, investigations etc.
While presenting as a journalist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as journalists. Threat actors can fabricate journalists to give the appearance of legitimacy, justifying the actor’s requests for interviews, etc (T0143.002: Fabricated Persona, T0097.102: Journalist Persona).
People who have legitimately developed a persona as a journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a trusted journalist to provide legitimacy to a false narrative or be tricked into doing so without the journalist’s knowledge.
Associated Techniques and Sub-techniques T0097.202: News Organisation Persona: People with a journalist persona may present as being part of a news organisation. T0097.101: Local Persona: People with a journalist persona may present themselves as local reporters. |
+A person with a journalist persona presents themselves as a reporter or journalist delivering news, conducting interviews, investigations etc.
While presenting as a journalist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as journalists. Threat actors can fabricate journalists to give the appearance of legitimacy, justifying the actor’s requests for interviews, etc (T0143.002: Fabricated Persona, T0097.102: Journalist Persona).
People who have legitimately developed a persona as a journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a trusted journalist to provide legitimacy to a false narrative or be tricked into doing so without the journalist’s knowledge. |
TA16 |
T0097.103 |
Activist Persona |
-A person with an activist persona presents themselves as an activist; an individual who campaigns for a political cause, organises related events, etc.
While presenting as an activist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as activists. Threat actors can fabricate activists to give the appearance of popular support for an evolving grassroots movement (see T0143.002: Fabricated Persona, T0097.103: Activist Persona).
People who are legitimate activists can use this persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an activist to provide visibility to a false narrative or be tricked into doing so without their knowledge (T0143.001: Authentic Persona, T0097.103: Activist Persona).
Associated Techniques and Sub-techniques T0097.104: Hacktivist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism who uses technical tools and methods, including building technical infrastructure and conducting offensive cyber operations, to achieve their goals. T0097.207: NGO Persona: People with an activist persona may present as being part of an NGO. T0097.208: Social Cause Persona: Analysts should use this sub-technique to catalogue cases where an online account is presenting as posting content related to a particular social cause, while not presenting as an individual. |
+A person with an activist persona presents themselves as an activist; an individual who campaigns for a political cause, organises related events, etc.
While presenting as an activist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as activists. Threat actors can fabricate activists to give the appearance of popular support for an evolving grassroots movement (see T0143.002: Fabricated Persona, T0097.103: Activist Persona).
People who are legitimate activists can use this persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an activist to provide visibility to a false narrative or be tricked into doing so without their knowledge (T0143.001: Authentic Persona, T0097.103: Activist Persona). |
TA16 |
T0097.104 |
Hacktivist Persona |
-A person with a hacktivist persona presents themselves as an activist who conducts offensive cyber operations or builds technical infrastructure for political purposes, rather than the financial motivations commonly attributed to hackers; hacktivists are hacker activists who use their technical knowledge to take political action.
Hacktivists can build technical infrastructure to support other activists, including secure communication channels and surveillance and censorship circumvention. They can also conduct DDOS attacks and other offensive cyber operations, aiming to take down digital assets or gain access to proprietary information. An influence operation may use hacktivist personas to support their operational narratives and legitimise their operational activities.
Fabricated Hacktivists are sometimes referred to as “Faketivists”.
Associated Techniques and Sub-techniques T0097.103: Activist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism but doesn’t present themselves as using technical tools and methods to achieve their goals. |
+A person with a hacktivist persona presents themselves as an activist who conducts offensive cyber operations or builds technical infrastructure for political purposes, rather than the financial motivations commonly attributed to hackers; hacktivists are hacker activists who use their technical knowledge to take political action.
Hacktivists can build technical infrastructure to support other activists, including secure communication channels and surveillance and censorship circumvention. They can also conduct DDOS attacks and other offensive cyber operations, aiming to take down digital assets or gain access to proprietary information. An influence operation may use hacktivist personas to support their operational narratives and legitimise their operational activities.
Fabricated Hacktivists are sometimes referred to as “Faketivists”. |
TA16 |
@@ -844,43 +844,43 @@
T0097.106 |
Recruiter Persona |
-A person with a recruiter persona presents themselves as a potential employer or provider of freelance work.
While presenting as a recruiter is not an indication of inauthentic behaviour, threat actors fabricate recruiters (T0143.002: Fabricated Persona, T0097.106: Recruiter Persona) to justify asking for personal information from their targets or to trick targets into working for the threat actors (without revealing who they are).
Associated Techniques and Sub-techniques T0097.205: Business Persona: People with a recruiter persona may present as being part of a business which they are recruiting for. |
+A person with a recruiter persona presents themselves as a potential employer or provider of freelance work.
While presenting as a recruiter is not an indication of inauthentic behaviour, threat actors fabricate recruiters (T0143.002: Fabricated Persona, T0097.106: Recruiter Persona) to justify asking for personal information from their targets or to trick targets into working for the threat actors (without revealing who they are). |
TA16 |
T0097.107 |
Researcher Persona |
-A person with a researcher persona presents themselves as conducting research (e.g. for academic institutions, or think tanks), or having previously conducted research.
While presenting as a researcher is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as researchers. Threat actors can fabricate researchers (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate researchers (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a Researcher to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.204: Think Tank Persona: People with a researcher persona may present as being part of a think tank. T0097.108: Expert Persona: People who present as researching a given topic are likely to also present as having expertise in the area. |
+A person with a researcher persona presents themselves as conducting research (e.g. for academic institutions, or think tanks), or having previously conducted research.
While presenting as a researcher is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as researchers. Threat actors can fabricate researchers (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate researchers (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a Researcher to provide legitimacy to a false narrative or be tricked into doing so without their knowledge. |
TA16 |
T0097.108 |
Expert Persona |
-A person with an expert persona presents themselves as having expertise or experience in a field. Commonly the persona’s expertise will be called upon to add credibility to a given narrative.
While presenting as an expert is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as experts. Threat actors can fabricate experts (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate experts (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can make mistakes, use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an expert to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.107: Researcher Persona: People who present as experts may also present as conducting or having conducted research into their specialist subject. T0097.204: Think Tank Persona: People with an expert persona may present as being part of a think tank. |
+A person with an expert persona presents themselves as having expertise or experience in a field. Commonly the persona’s expertise will be called upon to add credibility to a given narrative.
While presenting as an expert is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as experts. Threat actors can fabricate experts (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate experts (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can make mistakes, use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an expert to provide legitimacy to a false narrative or be tricked into doing so without their knowledge. |
TA16 |
T0097.109 |
Romantic Suitor Persona |
-A person with a romantic suitor persona presents themselves as seeking a romantic or physical connection with another person.
While presenting as seeking a romantic or physical connection is not an indication of inauthentic behaviour, threat actors can use dating apps, social media channels or dating websites to fabricate romantic suitors to lure targets they can blackmail, extract information from, deceive or trick into giving them money (T0143.002: Fabricated Persona, T0097.109: Romantic Suitor Persona).
Honeypotting in espionage and Big Butchering in scamming are commonly associated with romantic suitor personas.
Associated Techniques and Sub-techniques T0151.017: Dating Platform: Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform. |
+A person with a romantic suitor persona presents themselves as seeking a romantic or physical connection with another person.
While presenting as seeking a romantic or physical connection is not an indication of inauthentic behaviour, threat actors can use dating apps, social media channels or dating websites to fabricate romantic suitors to lure targets they can blackmail, extract information from, deceive or trick into giving them money (T0143.002: Fabricated Persona, T0097.109: Romantic Suitor Persona).
Honeypotting in espionage and Big Butchering in scamming are commonly associated with romantic suitor personas. |
TA16 |
T0097.110 |
Party Official Persona |
-A person who presents as an official member of a political party, such as leaders of political parties, candidates standing to represent constituents, and campaign staff.
Presenting as an official of a political party is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in political parties to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.110: Party Official Persona). They may also impersonate existing officials of political parties (T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Legitimate members of political parties could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.110: Party Official Persona). For example, an electoral candidate could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.111: Government Official Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a government.
Some party officials will also be government officials. For example, in the United Kingdom the head of government is commonly also the head of their political party.
Some party officials won’t be government officials. For example, members of a party standing in an election, or party officials who work outside of government (e.g. campaign staff). |
+A person who presents as an official member of a political party, such as leaders of political parties, candidates standing to represent constituents, and campaign staff.
Presenting as an official of a political party is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in political parties to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.110: Party Official Persona). They may also impersonate existing officials of political parties (T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Legitimate members of political parties could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.110: Party Official Persona). For example, an electoral candidate could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge. |
TA16 |
T0097.111 |
Government Official Persona |
-A person who presents as an active or previous government official has the government official persona. These are officials serving in government, such as heads of government departments, leaders of countries, and members of government selected to represent constituents.
Presenting as a government official is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.111: Government Official Persona). They may also impersonate existing members of government (T0143.003: Impersonated Persona, T0097.111: Government Official Persona).
Legitimate government officials could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.111: Government Official Persona). For example, a government official could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.110: Party Official Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a political party.
Not all government officials are political party officials (such as outside experts brought into government) and not all political party officials are government officials (such as people standing for office who are not yet working in government).
T0097.206: Government Institution Persona: People presenting as members of a government may also represent a government institution which they are associated with.
T0097.112: Government Employee Persona: Analysts should use this sub-technique to document people presenting as professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments). |
+A person who presents as an active or previous government official has the government official persona. These are officials serving in government, such as heads of government departments, leaders of countries, and members of government selected to represent constituents.
Presenting as a government official is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.111: Government Official Persona). They may also impersonate existing members of government (T0143.003: Impersonated Persona, T0097.111: Government Official Persona).
Legitimate government officials could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.111: Government Official Persona). For example, a government official could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge. |
TA16 |
T0097.112 |
Government Employee Persona |
-A person who presents as an active or previous civil servant has the government employee persona. These are professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments).
Presenting as a government employee is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.112: Government Employee Persona). They may also impersonate existing government employees (T0143.003: Impersonated Persona, T0097.112: Government Employee Persona).
Legitimate government employees could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.112: Government Employee Persona). For example, a government employee could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.111: Government Official Persona: Analysts should use this technique to document people who present as an active or previous government official, such as heads of government departments, leaders of countries, and members of government selected to represent constituents. T0097.206: Government Institution Persona: People presenting as members of a government may also present a government institution which they are associated with. |
+A person who presents as an active or previous civil servant has the government employee persona. These are professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments).
Presenting as a government employee is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.112: Government Employee Persona). They may also impersonate existing government employees (T0143.003: Impersonated Persona, T0097.112: Government Employee Persona).
Legitimate government employees could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.112: Government Employee Persona). For example, a government employee could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge. |
TA16 |
@@ -892,25 +892,25 @@
T0097.201 |
Local Institution Persona |
-Institutions which present themselves as operating in a particular geography, or as having local knowledge relevant to a narrative, are presenting a local institution persona.
While presenting as a local institution is not an indication of inauthentic behaviour, threat actors may present themselves as such (T0143.002: Fabricated Persona, T0097.201: Local Institution Persona) to add credibility to their narratives, or misrepresent the real opinions of locals in the area.
Legitimate local institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.201: Local Institution Persona). For example, a local institution could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.101: Local Persona: Institutions presenting as local may also present locals working within the organisation. |
+Institutions which present themselves as operating in a particular geography, or as having local knowledge relevant to a narrative, are presenting a local institution persona.
While presenting as a local institution is not an indication of inauthentic behaviour, threat actors may present themselves as such (T0143.002: Fabricated Persona, T0097.201: Local Institution Persona) to add credibility to their narratives, or misrepresent the real opinions of locals in the area.
Legitimate local institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.201: Local Institution Persona). For example, a local institution could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge. |
TA16 |
T0097.202 |
News Outlet Persona |
-An institution with a news outlet persona presents itself as an organisation which delivers new information to its target audience.
While presenting as a news outlet is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by news organisations. Threat actors can fabricate news organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing news outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate news organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
Associated Techniques and Sub-techniques T0097.102: Journalist Persona: Institutions presenting as news outlets may also present journalists working within the organisation. T0097.201: Local Institution Persona: Institutions presenting as news outlets may present as being a local news outlet. T0097.203: Fact Checking Organisation Persona: Institutions presenting as news outlets may also deliver a fact checking service (e.g. The UK’s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona. |
+An institution with a news outlet persona presents itself as an organisation which delivers new information to its target audience.
While presenting as a news outlet is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by news organisations. Threat actors can fabricate news organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing news outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate news organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona). |
TA16 |
T0097.203 |
Fact Checking Organisation Persona |
-An institution with a fact checking organisation persona presents itself as an organisation which produces reports which assess the validity of others’ reporting / statements.
While presenting as a fact checking organisation is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by fact checking organisations. Threat actors can fabricate fact checking organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing fact checking outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate fact checking organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
Associated Techniques and Sub-techniques T0097.102: Journalist Persona: Institutions presenting as fact checking organisations may also present journalists working within the organisation. T0097.202: News Outlet Persona: Fact checking organisations may present as operating as part of a larger news outlet (e.g. The UK’s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona. |
+An institution with a fact checking organisation persona presents itself as an organisation which produces reports which assess the validity of others’ reporting / statements.
While presenting as a fact checking organisation is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by fact checking organisations. Threat actors can fabricate fact checking organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing fact checking outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate fact checking organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona). |
TA16 |
T0097.204 |
Think Tank Persona |
-An institution with a think tank persona presents itself as a think tank; an organisation that aims to conduct original research and propose new policies or solutions, especially for social and scientific problems.
While presenting as a think tank is not an indication of inauthentic behaviour, think tank personas are commonly used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.204: Think Tank Persona). They may be created to give legitimacy to narratives and allow them to suggest politically beneficial solutions to societal issues.
Legitimate think tanks could have a political bias that they may not be transparent about, they could use their persona for malicious purposes, or they could be exploited by threat actors (T0143.001: Authentic Persona, T0097.204: Think Tank Persona). For example, a think tank could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.107: Researcher Persona: Institutions presenting as think tanks may also present researchers working within the organisation. |
+An institution with a think tank persona presents itself as a think tank; an organisation that aims to conduct original research and propose new policies or solutions, especially for social and scientific problems.
While presenting as a think tank is not an indication of inauthentic behaviour, think tank personas are commonly used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.204: Think Tank Persona). They may be created to give legitimacy to narratives and allow them to suggest politically beneficial solutions to societal issues.
Legitimate think tanks could have a political bias that they may not be transparent about, they could use their persona for malicious purposes, or they could be exploited by threat actors (T0143.001: Authentic Persona, T0097.204: Think Tank Persona). For example, a think tank could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge. |
TA16 |
@@ -922,19 +922,19 @@
T0097.206 |
Government Institution Persona |
-Institutions which present themselves as governments, or government ministries, are presenting a government institution persona.
While presenting as a government institution is not an indication of inauthentic behaviour, threat actors may impersonate existing government institutions as part of their operation (T0143.003: Impersonated Persona, T0097.206: Government Institution Persona), to add legitimacy to their narratives, or discredit the government.
Legitimate government institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.206: Government Institution Persona). For example, a government institution could be used by elected officials to spread inauthentic narratives.
Associated Techniques and Sub-techniques T0097.111: Government Official Persona: Institutions presenting as governments may also present officials working within the organisation. T0097.112: Government Employee Persona: Institutions presenting as governments may also present employees working within the organisation. |
+Institutions which present themselves as governments, or government ministries, are presenting a government institution persona.
While presenting as a government institution is not an indication of inauthentic behaviour, threat actors may impersonate existing government institutions as part of their operation (T0143.003: Impersonated Persona, T0097.206: Government Institution Persona), to add legitimacy to their narratives, or discredit the government.
Legitimate government institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.206: Government Institution Persona). For example, a government institution could be used by elected officials to spread inauthentic narratives. |
TA16 |
T0097.207 |
NGO Persona |
-Institutions which present themselves as an NGO (Non-Governmental Organisation), an organisation which provides services or advocates for public policy (while not being directly affiliated with any government), are presenting an NGO persona.
While presenting as an NGO is not an indication of inauthentic behaviour, NGO personas are commonly used by threat actors (such as intelligence services) as a front for their operational activity (T0143.002: Fabricated Persona, T0097.207: NGO Persona). They are created to give legitimacy to the influence operation and potentially infiltrate grassroots movements
Legitimate NGOs could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.207: NGO Persona). For example, an NGO could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques: T0097.103: Activist Persona: Institutions presenting as activist groups may also present activists working within the organisation. |
+Institutions which present themselves as an NGO (Non-Governmental Organisation), an organisation which provides services or advocates for public policy (while not being directly affiliated with any government), are presenting an NGO persona.
While presenting as an NGO is not an indication of inauthentic behaviour, NGO personas are commonly used by threat actors (such as intelligence services) as a front for their operational activity (T0143.002: Fabricated Persona, T0097.207: NGO Persona). They are created to give legitimacy to the influence operation and potentially infiltrate grassroots movements
Legitimate NGOs could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.207: NGO Persona). For example, an NGO could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge. |
TA16 |
T0097.208 |
Social Cause Persona |
-Online accounts which present themselves as focusing on a social cause are presenting the Social Cause Persona. Examples include accounts which post about current affairs, such as discrimination faced by minorities.
While presenting as an account invested in a social cause is not an indication of inauthentic behaviour, such personas have been used by threat actors to exploit peoples’ legitimate emotional investment regarding social causes that matter to them (T0143.002: Fabricated Persona, T0097.208: Social Cause Persona).
Legitimate accounts focused on a social cause could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.208: Social Cause Persona). For example, the account holders could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques: T0097.103: Activist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as an activist related to a social cause. Accounts with social cause personas do not present themselves as individuals, but may have activists controlling the accounts. |
+Online accounts which present themselves as focusing on a social cause are presenting the Social Cause Persona. Examples include accounts which post about current affairs, such as discrimination faced by minorities.
While presenting as an account invested in a social cause is not an indication of inauthentic behaviour, such personas have been used by threat actors to exploit peoples’ legitimate emotional investment regarding social causes that matter to them (T0143.002: Fabricated Persona, T0097.208: Social Cause Persona).
Legitimate accounts focused on a social cause could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.208: Social Cause Persona). For example, the account holders could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge. |
TA16 |
@@ -1726,13 +1726,13 @@
T0143.003 |
Impersonated Persona |
-Threat actors may impersonate existing individuals or institutions to conceal their network identity, add legitimacy to content, or harm the impersonated target’s reputation. This Technique covers situations where an actor presents themselves as another existing individual or institution.
This Technique was previously called Prepare Assets Impersonating Legitimate Entities and used the ID T0099.
Associated Techniques and Sub-techniques T0097: Presented Persona: Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of impersonation. For example, a document developed by a threat actor which falsely presented as a letter from a government department could be documented using T0085.004: Develop Document, T0143.003: Impersonated Persona, and T0097.206: Government Institution Persona. T0145.001: Copy Account Imagery: Actors may take existing accounts’ profile pictures as part of their impersonation efforts. |
+Threat actors may impersonate existing individuals or institutions to conceal their network identity, add legitimacy to content, or harm the impersonated target’s reputation. This Technique covers situations where an actor presents themselves as another existing individual or institution.
This Technique was previously called Prepare Assets Impersonating Legitimate Entities and used the ID T0099. |
TA16 |
T0143.004 |
Parody Persona |
-Parody is a form of artistic expression that imitates the style or characteristics of a particular work, genre, or individual in a humorous or satirical way, often to comment on or critique the original work or subject matter. People may present as parodies to create humour or make a point by exaggerating or altering elements of the original, while still maintaining recognizable elements.
The use of parody is not an indication of inauthentic or malicious behaviour; parody allows people to present ideas or criticisms in a comedic or exaggerated manner, softening the impact of sensitive or contentious topics. Because parody is often protected as a form of free speech or artistic expression, it provides a legal and social framework for discussing controversial issues.
However, parody personas may be perceived as authentic personas, leading to people mistakenly believing that a parody account’s statements represent the real opinions of a parodied target. Threat actors may also use the guise of parody to spread campaign content. Parody personas may disclaim that they are operating as a parody, however this is not always the case, and is not always given prominence.
Associated Techniques and Sub-techniques T0097: Presented Persona: Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of parody. For example, an account presenting as a parody of a business could be documented using T0097.205: Business Persona and T0143.003: Parody Persona. T0145.001: Copy Account Imagery: Actors may take existing accounts’ profile pictures as part of their parody efforts. |
+Parody is a form of artistic expression that imitates the style or characteristics of a particular work, genre, or individual in a humorous or satirical way, often to comment on or critique the original work or subject matter. People may present as parodies to create humour or make a point by exaggerating or altering elements of the original, while still maintaining recognizable elements.
The use of parody is not an indication of inauthentic or malicious behaviour; parody allows people to present ideas or criticisms in a comedic or exaggerated manner, softening the impact of sensitive or contentious topics. Because parody is often protected as a form of free speech or artistic expression, it provides a legal and social framework for discussing controversial issues.
However, parody personas may be perceived as authentic personas, leading to people mistakenly believing that a parody account’s statements represent the real opinions of a parodied target. Threat actors may also use the guise of parody to spread campaign content. Parody personas may disclaim that they are operating as a parody, however this is not always the case, and is not always given prominence. |
TA16 |
@@ -1750,7 +1750,7 @@
T0144.002 |
Persona Template |
-Threat actors have been observed following a template when filling their accounts’ online profiles. This may be done to enable account holders to quickly present themselves as a real person with a targeted persona.
For example, an actor may be instructed to create many fabricated local accounts for use in an operation using a template of “[flag emojis], [location], [personal quote], [political party] supporter” in their account’s description.
Associated Techniques and Sub-techniques T0143.002: Fabricated Persona: The use of a templated account biography in a collection of accounts may be an indicator that the personas have been fabricated. |
+Threat actors have been observed following a template when filling their accounts’ online profiles. This may be done to enable account holders to quickly present themselves as a real person with a targeted persona.
For example, an actor may be instructed to create many fabricated local accounts for use in an operation using a template of “[flag emojis], [location], [personal quote], [political party] supporter” in their account’s description. |
TA16 |
@@ -1762,13 +1762,13 @@
T0145.001 |
Copy Account Imagery |
-Account imagery copied from an existing account.
Analysts may use reverse image search tools to try to identify previous uses of account imagery (e.g. a profile picture) by other accounts.
Threat Actors have been known to copy existing accounts’ imagery to impersonate said accounts, or to provide imagery for unrelated accounts which aren’t intended to impersonate the original assets’ owner.
Associated Techniques and Sub-techniques T0143.003: Impersonated Persona: Actors may copy existing accounts’ imagery in an attempt to impersonate them. T0143.004: Parody Persona: Actors may copy existing accounts’ imagery as part of a parody of that account. |
+Account imagery copied from an existing account.
Analysts may use reverse image search tools to try to identify previous uses of account imagery (e.g. a profile picture) by other accounts.
Threat Actors have been known to copy existing accounts’ imagery to impersonate said accounts, or to provide imagery for unrelated accounts which aren’t intended to impersonate the original assets’ owner. |
TA15 |
T0145.002 |
AI-Generated Account Imagery |
-AI Generated images used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived legitimacy. By using an AI-generated picture for this purpose, they are able to present themselves as a real person without compromising their own identity, or risking detection by taking a real person’s existing profile picture.
Associated Techniques and Sub-techniques T0086.002: Develop AI-Generated Images (Deepfakes): Analysts should use this sub-technique to document use of AI generated imagery used to support narratives. |
+AI Generated images used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived legitimacy. By using an AI-generated picture for this purpose, they are able to present themselves as a real person without compromising their own identity, or risking detection by taking a real person’s existing profile picture. |
TA15 |
@@ -1792,7 +1792,7 @@
T0145.006 |
Attractive Person Account Imagery |
-Attractive person used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
Pictures of physically attractive people can benefit threat actors by increasing attention given to their posts.
People sometimes legitimately use images of attractive people as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.
Associated Techniques and Sub-techniques T0097.109: Romantic Suitor Persona: Accounts presenting as a romantic suitor may use an attractive person in their account imagery. T0151.017: Dating Platform: Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform. |
+Attractive person used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
Pictures of physically attractive people can benefit threat actors by increasing attention given to their posts.
People sometimes legitimately use images of attractive people as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB. |
TA15 |