Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
Experts Warn of Post-Trump Shooting Misinformation, Scams
'Russian Troll Farms Are Highly Active' as FBI Investigates Attempted AssassinationWithin hours of the assassination attempt against former President Donald Trump on Saturday, social media platforms became hotbeds of speculation and wild claims. Posts on X, formerly Twitter, blamed President Joe Biden, the deep state and two antifa activists. Others called the incident a GOP-led false flag operation.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
As the investigation unfolds over the next days and weeks, authorities and cybersecurity experts advise individuals and organizations to beware of online threats in the forms of physical violence, nation-state disinformation and cybercrime campaigns.
"Although the rhetoric of threats of violence has already increased online, we’re seeing that pick up in the aftermath of this event," FBI Deputy Director Paul Abbate said in a news conference Sunday.
The FBI is leading the investigation into the shooting, which occurred just past 6 p.m. Saturday at a Trump rally in western Pennsylvania, where a bullet shot from a nearby metal roof grazed the former president's right ear. Secret Service shot and killed the shooter, whom the FBI identified as 20-year-old Thomas Matthew Crooks of Bethel Park, Pennsylvania.
Abbate said the shooting is being investigated as both an assassination attempt and an act of domestic terrorism, and FBI criminal and terrorism teams are working together on the case. He also warned about the high level of misinformation and disinformation on social channels.
"We've seen individuals go online and attempt to mimic or pose as the shooter, who obviously now is deceased," Abbate said. One poster on X claimed to be the shooter - a tweet amplified by right-wing activist Laura Loomer and other Trump supporters. In the video, the man said, "My name is Thomas Matthew Crooks. I hate Republicans. I hate Trump. And guess what, you've got the wrong guy."
A panoply of claims surfaced on social channels in the wake of the shooting. One set of posts named an antifa supporter as the shooter, but the accompanying photo was of an Italian soccer fan and YouTuber. Others speculated that the whole incident was set up. A YouTuber's post, which gained more than 1 million views before the poster removed it, claimed that the photo of a bleeding Trump framed by the U.S. flag, was "too damn perfect." Others implied the incidents was orchestrated by the Democrats. U.S. Rep. Mike Collins, R-Ga., posted that "Joe Biden sent the orders."
Russian Election Influence Threat
International leaders worldwide decried the violence but did not assign blame - except for Russia. Russian state media figures have long predicted an assassination attempt against Trump and laid the blame squarely on Biden, though one broadcaster suggested that Ukraine Special Forces were behind the attempt. Kremlin spokesperson Dmitry Peskov said Sunday that Russia does not believe Biden was behind the attack, "but the atmosphere that was created by this administration during the political struggle, the atmosphere around candidate Trump. It is precisely this that provoked what America is facing today," Peskov said.
The shooting is likely to be a launching pad for more intense misinformation and disinformation campaigns by Russia to influence the 2024 presidential election in November, said Tom Kellermann, senior vice president of cyber strategy at Contrast Security, who said he worries about follow-up attacks against Trump's opponent.
"Russian troll farms are highly active," said Kellermann, a former member of the presidential Commission on Cyber Security. "The Russians' disinformation campaign is ballooning using the image of Trump bleeding to foster right-wing hate of the Biden administration. Every kinetic act now begins in cyberspace."
Widespread interest in news about the shooting is similar to major global incidents such as the COVID-19 pandemic, in that cybercriminals and nation-state groups will seize the opportunity to steal credentials and compromise accounts.
"At this point, who among us wouldn't click a link with plausible breaking news about another attack on Trump - or Biden for that matter?" said Jake Williams, faculty member at the Institute for Applied Network Security and a former National Security Agency elite hacking team member.
"I'd also expect threat actors to use phishing lures claiming to contain unreleased video of the shooter," Williams said. "One technique we've seen before in these types of events involves claiming the video needs a special codec or browser plug-in to play properly, compromising the victim's system."
Secret Service in the Spotlight
Much of the speculation is centered on how the shooter managed to get close enough to the former president with an AR-15-style rifle without being detected. FBI Special Agent Kevin Rojek said Sunday the FBI is focusing on the shooting and not necessarily on the security at the Trump rally. "That would be something the Secret Service would be in a better place to answer than me," Rojek said.
Both Republican and Democratic lawmakers have demanded answers to questions about the Secret Service.
In a letter to Secret Service Director Kimberly Cheatle on Sunday, Democratic Rep. Ruben Gallego described the shooting as a "security failure at the highest level, not seen since the attempted assassination of President Reagan."
“This cannot happen, and I demand accountability,” Gallego said.
While both active and retired Secret Service agents are reluctant to speak on the record about the shooting and its aftermath, some agents spoke anonymously with Information Security Media Group about what their protection efforts entail for an event such as the Trump rally.
"Nobody does it better than the USSS when it comes to protection," said one retired agent. "At a high level, it's a multifaceted, comprehensive concentric ring of security that also includes protective intelligence monitoring and input."
Another retired agent discussed the threat intelligence from human and cyber intelligence sources that agents sift through.
"There is a lot that goes into protection before and after [an event]," the agent said. "Before even the physical side of the advance happens, threat assessments of people and groups that have unusual interest in the protectee begin. Information over social media aids in potential threat identification. With the overall advance, cyber infrastructure is also included. Like presidential protective division agents, there is a section of agents within the Technical Security Division that will advance the IT and OT infrastructure supporting an event. The more scaled and longer time the protectee are at an event, the more extensive the prep."