DISARMframeworks/generated_pages/techniques/T0150.007.md


Technique T0150.007: Rented Asset

  • Summary: A Rented Asset is an asset which actors are temporarily renting or subscribing to.

    For example, threat actors have been observed renting temporary access to legitimate accounts on online platforms in order to disguise operation activity.

  • Belongs to tactic stage: TA15

Incident | Descriptions given for this incident

I00064 Tinder nightmares: the promise and peril of political bots

“In the days leading up to the UK's [2019] general election, youths looking for love online encountered a whole new kind of Tinder nightmare. A group of young activists built a Tinder chatbot to co-opt profiles and persuade swing voters to support Labour. The bot accounts sent 30,000-40,000 messages to targeted 18-25 year olds in battleground constituencies like Dudley North, which Labour ended up winning by only 22 votes. [...]

“The activists maintain that the project was meant to foster democratic engagement. But screenshots of the bots' activity expose a harsher reality. Images of conversations between real users and these bots, posted on i-D, Mashable, as well as on Fowler and Goodman's public Twitter accounts, show that the bots did not identify themselves as automated accounts, instead posing as the user whose profile they had taken over. While conducting research for this story, it turned out that a number of [the reporter's friends] living in Oxford had interacted with the bot in the lead up to the election and had no idea that it was not a real person.”


In this example people offered up their real accounts for the automation of political messaging; the actors convinced the users to give up access to their accounts to use in the operation. The actors maintained the accounts' existing persona, and presented themselves as potential romantic suitors for legitimate platform users (T0097.109: Romantic Suitor Persona, T0143.003: Impersonated Persona, T0146: Account Asset, T0150.007: Rented Asset, T0151.017: Dating Platform).

I00113 Inside the Shadowy World of Disinformation for Hire in Kenya

Researchers at Mozilla examined influence operations targeting Kenyan citizens on Twitter in 2021, providing “a grim window into the booming and shadowy industry of Twitter influencers for political hire here in Kenya”. The report touches upon how actors gained access to Twitter accounts, and what personas they presented:

Verified accounts are complicit. One influencer we spoke to mentioned that the people who own coveted “blue check” accounts will often rent them out for disinformation campaigns. These verified accounts can improve the campaign's chances of trending. Says one interviewee: “The owner of the account usually receives a cut of the campaign loot”.

[...]

Many of the accounts we examined appear to give an aura of authenticity, but in reality they are not authentic. Simply looking at their date of creation won't give you a hint as to their purpose. We had to dig deeper. The profile pictures and content of some of the accounts gave us the answers we were looking for. A common tactic these accounts utilize is using suggestive pictures of women to bait men into following them, or at least pay attention. In terms of content, many of these accounts tweeted off the same hashtags for days on end and will constantly retweet a specific set of accounts.


Actors participating in this operation rented out verified Twitter accounts (in 2021 a checkmark on Twitter verified a user's identity), which were repurposed and given updated account imagery (T0146.003: Verified Account Asset, T0150.007: Rented Asset, T0150.004: Repurposed Asset, T0145.006: Attractive Person Account Imagery).

Counters | Response types
