Corporate communications teams are adept at getting a company’s message out into the world with various content, including websites, blog posts, videos, webinars, e-books, and much more. These professionals already have a lot on their plate. In addition to understanding their company’s offerings and creating useful materials to describe them, they must fend off competitors and others who may try to thwart those efforts through plagiarism, negative messaging, or even flat-out lies.
But none of that comes close to the damage that can be done by a new threat to corporate communications: Disinformation-as-a-Service (DaaS). That’s right, anyone who wants to can purchase a disinformation campaign against your company, complete with fake news and misinformation that can be quickly spread through readily available technologies. The worst part? It was cheap. Elements of such a campaign can be purchased for as little as $15.
So, what can you do to secure your company’s hard work in content development from being ruined by someone with something against you and $15 to spare?
We list strategies to help you protect your business in the sections below. But first, we’ll explain what DaaS is and where it came from.
DaaS: What Is It?
“[DaaS] is a new model of information warfare in which anyone can buy fake news and misinformation campaigns and spread them across the internet,” writes HackerNoon. DaaS is enabled by a network of professional trolls, bots, and other online manipulation tools that can be hired.”
DaaS operations are similar to malevolent communications teams that fabricate negative information about a company rather than providing genuine information and benefits. That means people or organizations who want to harm your online reputation don’t have to try.
Instead, they can outsource this activity like some businesses outsource their marketing or public relations. Like a marketing firm, these services can create content to prove their point.
An illustration of a DaaS attack
Here’s an illustration of how it works. Assume you are a contractor and a client is unhappy with a project you completed for them.
You disagree, and the contract signed by both parties favors you.
However, the customer is unsatisfied and hires a DaaS provider to create false information about your company, demonstrating its unreliability.
The service may include creating a duplicate website with numerous negative reviews and other content, such as deep fake videos of you saying things you did not say.
It’s too late by the time you realize what’s going on. The information has already been disseminated, the harm has been done, and you can do little to undo it.
How to Do It
The steps below describe how a DaaS attack is carried out. The attacker chooses a target, which could be a business competitor, a political rival, a public figure, a journalist, an ordinary person, or even an idea, such as vaccine effectiveness.
The attacker searches for and hires a DaaS provider on the dark web. They must use a specific browser such as Tor to access the dark web, often navigate confusing addresses, and identify a merchant. Costs may be as follows, according to an article published by consulting firm PwC.
- A 1,000-character article costs $15-45.
- $100 for direct contact with a media source to spread material.
- $65 for ten comments posted on a given article or news story.
- Social media marketing costs between $350 and $550 per month.
- $1,500 for SEO services to promote social media posts and articles over a 10-15-day period.
The DaaS provider examines the target and audience the attacker wishes to reach. They look for topics of interest to the audience and vulnerabilities of the target that may coincide with those interests.
Parents, for example, are interested in warnings about products that their children may use.
In that case, creating a campaign against a toy company claiming that one or more of its products is dangerous could be extremely effective.
The DaaS provider develops primary and supporting stories for distribution to the target audience. These stories can be social media accounts or posts, videos, blog posts, articles, or other types of content. The supporting stories serve to validate the primary story. The DaaS provider spreads false information across predefined digital platforms.
The goal of both the DaaS provider and the attacker is for the information to spread widely. Without realizing it, readers naturally spread false information by sharing it on their online platforms, such as blogs, YouTube channels, and social media accounts. Their followers forward it to their followers, and so on.
The attacker, as a “disinterested party having nothing to do with the information itself,” may respond to it by calling for a boycott or taking other actions to further the disinformation campaign.
Where Does DaaS Come From?
DaaS providers frequently conduct business in countries with little to no regulation, such as Russia. They rely on the following sources.
Bots.
These automated social media accounts spread troll-created misinformation.
Fake news sources.
These websites may appear legitimate news sources, but they exist to disseminate false information.
Influencers.
Influencers are people who promote things like beauty products online. However, some influencers promote incorrect information and ideas.
Platforms for social media use.
Even with a concerted effort, social media platforms can only partially prevent misinformation from spreading. The problem is that most put forth a lackluster effort, making these sites ideal for lies to grow in strength.
The deep web.
This underbelly of the internet is home to marketplaces inaccessible via standard web browsers and where illegal items (such as drugs and weapons) and services, including DaaS, can be purchased.
They operate anonymously, making it difficult to determine who is behind them.
Farms for trolls.
These professional troll groups made famous during the 2016 U.S. presidential campaign do their worst by spreading fake news.