Active social engineering defense (ASED) large scale social deception (LSD)

https://www.usaspending.gov/award/CONT_AWD_FA865018C7886_9700_-NONE-_-NONE-

Archive file

https://www.darpa.mil/research/programs/active-social-engineering-defense

Summary
Over the past 40 years, our world has become increasingly connected. These connections have enabled major advances in national security from pervasive real-time intelligence and communications to optimal logistics.

With this connectivity has come the threat of cyber attacks on both military systems and critical infrastructure. While we focus the vast majority of our security efforts on protecting computers and networks, more than 80 percent of cyber attacks and over 70 percent of those from nation states are initiated by exploiting humans rather than computer or network security flaws.

To build secure cyber systems, it is necessary to protect not only the computers and networks that make up these systems but their human users as well.

We call attacks on humans “social engineering” because they manipulate or “engineer” users into performing desired actions or divulging sensitive information. The most general social engineering attacks simply attempt to get unsuspecting internet users to click on malicious links.

More focused attacks attempt to elicit sensitive information, such as passwords or private information from organizations or steal things of value from particular individuals by earning unwarranted trust.

These attacks always have an “ask,” a desired behavior that the attacker wants to induce from the victim. To do this, they need trust from the victim, which is typically earned through interaction or co-opted via a spoofed or stolen identity. Depending on the level of sophistication, these attacks will go after individuals, organizations, or wide swathes of the population.

Social engineering attacks work because it is difficult for users to verify each and every communication they receive. Moreover, verification requires a level of technical expertise that most users lack. To compound the problem, the number of users that have access to privileged information is often large, creating a commensurately large attack surface.

The Active Social Engineering Defense (ASED) program aims to develop the core technology to enable the capability to automatically identify, disrupt, and investigate social engineering attacks. If successful, the ASED technology will do this by actively detecting attacks, intervening in communications between users and potential attackers, and coordinating investigations into the source of the attacks.

ChatGPT:
 

The U.S. Department of Defense (DoD) might hire a news agency like Reuters to assist with the Active Social Engineering Defense (ASED) program for several strategic reasons:

1. Access to Information & Threat Intelligence – News agencies have extensive global networks and sources that can help identify emerging social engineering threats, misinformation campaigns, and influence operations in real time.
2. Media Monitoring & Analysis – Reuters has expertise in tracking and analyzing narratives, disinformation, and propaganda. The DoD could use this capability to detect social engineering attacks early and counteract them effectively.
3. Testing & Simulations – Reuters, as a trusted news organization, might help by participating in controlled experiments to understand how social engineering attacks spread, how users respond, and how interventions could be designed.
4. Countering Disinformation – Since social engineering often involves manipulating public perception, Reuters’ experience in fact-checking and verifying information could assist in developing defense mechanisms against misinformation-based attacks.
5. Public Communication & Education – A news agency could help the DoD shape narratives, educate the public about social engineering threats, and provide guidance on how to avoid falling victim to such attacks.
6. Investigative Journalism & Attribution – Reuters’ investigative journalism expertise might help uncover sources of social engineering campaigns, identifying malicious actors and networks responsible for conducting influence operations.

If such an arrangement were in place, it would likely be controversial, as collaboration between the military and independent news organizations raises concerns about journalistic integrity and government influence over media.