Are Korean music fans a cyber threat to be reckoned with?
Is it a mistake to write-off the cyber threat posed by Korean music fans? Security professionals appear to think so.
Delivering the opening keynote at the virtual Okta Disclosure 2020 security conference on September 3, well-respected cybersecurity analyst the Grugq tackled the application of cyber power. During his highly informative presentation, the Grugq touched on how some non-states have more cyber power that nation-states. In particular, he mentioned K-pop band BTS and their devoted fan base, the BTS ARMY (it stands for Adorable Representative M.C for Youth, apparently), which undoubtedly have such cyber power.
Indeed, a taste of the kind of power that K-pop Stans, the generic name for these devoted and obsessed fans, was revealed during the Black Lives Matter protest when their social media presence was effectively weaponized. This led me to wonder if then, the BTS ARMY and K-pop Stans were, in effect, the new Anonymous?
Estimated to be more than 100 million, the BTS ARMY is 50 million strong alone, I took the question of whether the K-pop Stan phenomena should be treated as part of the cyber threatscape to the people who know best: the cybersecurity industry itself.
Daniel Smith, a security researcher at Radware, is in no doubt that K-pop stans and the BTS ARMY can be considered the new anonymous. "They present the same risks and challenges to the threat landscape as Anonymous did in their prime," Smith says, "K-pop fans have been filling the void of an absent Anonymous." He says that this is certainly something of a "shift in non-state cyber power, from one group to the next, as the landscape evolves."
By way of an example, Smith points to the way that K-pop Stans flooded the Dallas Police Department iWatch Dallas app during the George Floyd protests. The app, which enabled citizens to report on protestor activity, was bombarded with video clips of K-pop artists. "Anonymous used to have this type of following and power," Smith says, "I call it a social botnet, where an idea results in a natural flood of traffic."
Charl van der Walt, head of security research at Orange Cyberdefense, has nothing but praise for the Grugq, calling him "a member of a leading corps of thinkers that we should be listening to more carefully." It should come as no surprise that van der Walt echoes the point that failing to "appreciate where and how the cyber landscape is different to traditional domains of conflict," is something that needs to be overcome.
By forcing our understanding of this landscape into preconceived frameworks, he says, we see cyberwar through a lens of understanding previous wars. "One effect of this is that we will overestimate the significance of familiar elements like hacking tools and other cyber weapons," van der Walt continues, "while underestimating other elements like the idea of soft power and the incredible influence that a networked construct like social media can bring to bear."
This soft power can have hard impacts, as Boris Cipot, a senior security engineer at Synopsys, explains. "In the case of BTS and their 50 million fans," he says, "I can see them being a cyberthreat. On the one hand, they could be used for marketing purposes, or even used politically."
However, it's when we get to the other hand that the more significant threat emerges, according to Cipot. "One of the biggest threats I see is if bad actors leverage the band's popularity for their personal gain," he says, "a threat actor might share a malicious fandom application, luring fans in. Then, after a few weeks, their devices could be used collectively to launch an attack against a third party; essentially, launching a DDoS attack."
OK, so that's a hypothetical scenario, but scenarios are the key to any threat consideration and manipulation "through recruitment and targeted disinformation," says Morgan Wright, chief security advisor at SentinelOne, "using the fan base to achieve the political objectives of an adversarial nation-state," does not seem such an outrageous scenario hypothesis in the context of threats and risk.
Martin Rudd, CTO at Telesoft Technologies, sees this whole phenomenon as being a representation of information warfare today. "Any well-motivated and reasonably well funded tech-savvy group can exert their own influence in todays world," he says, "this happens to be K-pop, able to exert their own techno-political influence."
The decentralization of information and power has led to such groups being able to take advantage by way of "influencing elections, Anonymous mounting DDoS attacks using botnets, to the purity of information warfare," Rudd says. "Were being outplayed," he continues, "they who understand the world and understand how people are getting and digesting data are the ones who are going to win."
K-pop almost defines this threat in that "you have already got people that are ready to listen, its almost pre-canned, you are just dropping the message into an audience that is already ready to listen," Rudd says. And don't forget that Stans, the BTS ARMY, are bonded regardless of race, religion or geographical boundaries. "You dont have to break through bringing them to the cause," Rudd concludes.
This weaponization of cyberspace is not new, as Joe Riggins, a principal security architect at Deep Instinct, reminds us. "What K-pop is doing is bringing it directly upfront and in everyones faces. For the most part, K-pop is using their organized social infrastructure that was initially used to fill stadiums with fans, to now support specific political platforms such as social justice," Riggins says. "Just as Anonymous was a hacktivist platform that had members with specific cyber-hacking skills, 'Stan armies' are deploying the same hacktivist initiatives using social media," he concludes.
Thom Langford, an information security analyst at GigaOm, also points out that this is not a new phenomenon. "In the early days of Anonymous, before they became heavily politicized and overtly active," Langford says, "they recruited regular people (housewives, office workers, students, stay at home dads) to carry out the largest DDoS attack at that time. They had no idea what they were doing was highly illegal and disruptive."
There's no great leap of faith required to see how Stans could be mobilized by bad actors while acting in supposed good faith.
Jamie Akhtar, CEO and co-founder of CyberSmart, told me that the rise of the Stans has undoubtedly expanded both the range of threat actors and the potential effects of cyber-enabled information warfare. "The pertinent question is," he says, "who are the most likely victims?"
Is this something governments should be concerned about, or 'just' a social media problem? "The reality," Akhtar says, "is this affects us all, and so we all have a part to play."As citizens, we must all take responsibility and educate ourselves on misinformation, report content that is inappropriate and be vigilant when it comes to social engineering, Akhtar tells me. "Collectively we need to create herd immunity against information operations both as individuals and as organizations," he says, "institutions must focus on prevention and deterrence by developing effective means of rapidly detecting the start of indicators that lead to information warfare campaigns and respond with rapid action to prevent digital pandemics from causing chaos."
"K-pop Stans, the BTS Army, aren't cyber threats in the normal sense of a malicious act seeking to damage or steal data, or disrupt digital life in general," Kevin Tongs, director of customer success at Flashpoint, says, "they are more the mass mobilization of a unified group of people, using cyber means such as social media, to create influence."
In militaristic terms, he insists, these are information operations and not information warfare. Whatever term you apply, though, there seems little doubting that they are already part of the modern threat landscape.
"The cyber risks posed by masses of people at one time were known as Anonymous, the hacktivist collective," Chris Grove, technology evangelist at Nozomi Networks, says, "prior to that, internet worms caused masses of people to act in coordination, albeit against their knowledge or consent." At the end of the day, he says, organizations are facing a challenge to keep operations up and running, regardless of who is at the other end of the attack, "be that a cocky hacker, criminal extortion gang, K-pop fans, terrorists, or nation-state actors."
"When groups of people work together to commit the crime of attacking computer systems, theyre no longer music fans," Grove says, "they become criminals at that stage." Grove doesn't, however, expect to see K-pop fans participating in Anonymous-style massive DDoS attacks. "I dont feel K-pop fans provide anything new to be feared in cybersecurity space," Grove says, "but their social influence and desire to be political is a different story."
Dusting off the old playbook is a great place to start, according to Daniel Smith, a security researcher at Radware. "We can definitely learn from the past," Smith says, "K-pop fans, just like Anonymous, have been engaging in political hacktivism. They operate in cyberspace by weaponizing social media platforms. At the core, the group will engage in mostly legal and naturally flooding of the oppositions assets or digital presence."
Others will, of course, break off in smaller groups to conduct more aggressive operations such as Denial-of-Service attacks, defacements, or information campaigns based off leaked material. "The best way to prepare for political hacktivism activity," Smith advises, "is to monitor not only the threat landscape but also the social climate."
I'll leave the last words to Morgan Wright, chief security advisor at SentinelOne. "I was a senior advisor in the U.S. State Department Antiterrorism Assistance Program, and a senior SME for the U.S. Department of Justice, leading the development of new information and intelligence sharing systems after 9/11," he says.
When, eventually, hearings were held in Congress, and the 9/11 Commission produced a report, one of the critical findings was a failure of imagination according to Wright. "A multitude of biases and limitations on cognitive ability deceive people into thinking they need to collect large amounts of information in order to make a decision and act," Wright says, "keeping up with the threats is much easier today with the amount of companies and government producing threat intelligence."
What remains harder, of course, is the ability to make a decision based on limited information and act. "How do you mitigate a tsunami?" he asks. "Sometimes taking an option that is good enough trumps waiting for the best option to magically appear," Wright says, concluding, "there is no magic answer on how to do this. It depends on so many factors. Organizations need to use elements of the OODA Loop (Observe-Orient-Decide-Act) to remain adaptive and responsive to ever-changing conditions globally.
- Network Security: Don't Trust And Verify - IT Jungle - October 23rd, 2020
- Akamai Reveals State of Internet: Threats to Retailers - Solutions Review - October 23rd, 2020
- Verisign Reports Third Quarter 2020 Results | Business | The Daily News - Galveston County Daily News - October 23rd, 2020
- Global Internet Security Software Market Analysis, Drivers, Restraints, Opportunities, Threats, Trends, Applications, And Growth Forecast To (2026). -... - October 23rd, 2020
- Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices - GlobeNewswire - October 23rd, 2020
- Cybersecurity and a potential Biden White House: Past tech priorities resurrected - SC Magazine - October 23rd, 2020
- Virgin Media has an important new feature, but switching it on will cost you - Express - October 23rd, 2020
- WISeKey and OpSec Security Partnership Establishes Trust Between Brands and their Customers through Improved Customer Engagement - GlobeNewswire - October 23rd, 2020
- Internet Of Things Iot Security Market Economic Perspective And Forecast To 2027 - PRnews Leader - October 23rd, 2020
- Why cybercriminals have 'Gone Vishing' during the COVID-19 Pandemic - Bdaily - October 23rd, 2020
- Insights on the Digital Security Control Global Market to 2027 - Strategic Recommendations for New Entrants - GlobeNewswire - October 17th, 2020
- More than 25% of Cypriots concerned about internet security - Cyprus Mail - October 17th, 2020
- 5 things you can do to secure your home office without hiring an expert - We Live Security - October 17th, 2020
- Beyond Speed and Reliability: Security Is a New Differentiator - Security Boulevard - October 17th, 2020
- Nationwide and Generali Global Assistance Partner to Enhance Identity Theft Protection - Insurance News Net - October 17th, 2020
- Global Internet of Things (IoT) Security Product Market 2020 Impact of COVID-19, Future Growth Analysis and Challenges | Cisco Systems, Inc, IBM... - October 17th, 2020
- Is BlackBerry (TSX:BB) Stock a Buy on the Latest News? - The Motley Fool Canada - October 17th, 2020
- Global Internet of Things or IoT Security Market to Reach $22 Billion+ Valuation by 2027, Largely Due to Blockchain Adoption - Crowdfund Insider - October 17th, 2020
- Internet Security Market with COVID-19 Recovery Analysis 2020 | Rapid Adoption of BYOD Policy to Boost Market Growth | Technavio - Business Wire - October 8th, 2020
- Tenable and the CIS Enter Partnership to Bolster Cyber Hygiene - AiThority - October 8th, 2020
- How to Build Smart Banks that Connect Customers with Modern DX - AiThority - October 8th, 2020
- #NCSAM: Is Connected Ever Going to be Protected? - Infosecurity Magazine - October 8th, 2020
- Cyber Security Awareness Month is here! - We Live Security - October 2nd, 2020
- Internet security Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2027 - The Daily Chronicle - October 2nd, 2020
- Latest Report on Global Internet of Things (IoT) Security Market Analysis, Growth, Opportunity and Regional Insights 2026 - The Daily Chronicle - October 2nd, 2020
- Remarks by Henrietta Fore, UNICEF Executive Director, at Security Council meeting on universal connectivity & access to digital technology in... - October 2nd, 2020
- Lessons learned from firsthand experience on how to avoid internet fraud and other forms of cyberattacks (opinion) - Inside Higher Ed - October 2nd, 2020
- COVID-19 Update: Global Internet Security Audit Market is Expected to Grow at a Healthy CAGR with Top players: Symantec, Intel Security, IBM, Cisco,... - October 2nd, 2020
- Internet Security Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top Players: HPE,... - September 30th, 2020
- The Top Internet of Things (IoT) Authentication Methods and Options - Security Boulevard - September 30th, 2020
- How Trusted Internet Connections Is Focusing Telework with TIC 3.0 - FedTech Magazine - September 30th, 2020
- Is your business looking for an extra layer of security - here's why a VPN may be the answer - TechRadar - September 30th, 2020
- A business connected to the cloud needs cloud-ready security, connectivity - Techgoondu - September 30th, 2020
- The 6 key races you haven't heard of that may help decide how we secure our elections - POLITICO - September 30th, 2020
- Get In Depth Analysis Of How Covid-19 Is Impacting The Internet Security Software Market - Unica News - September 30th, 2020
- Study finds over 4-in-10 WFH employees in SEA find it hard to switch-off after work - Backend News - September 30th, 2020
- 5 Ways to Secure Your Home Network - The Good Men Project - September 29th, 2020
- How To Make Peace With Your Internet Passwords - Forbes - September 29th, 2020
- Five Types of Cyber Security for Organizational Safety - Analytics Insight - September 29th, 2020
- Internet of Things (IoT) Security Market Competitive Research and Precise Outlook 2020 to 2027 - The Daily Chronicle - September 29th, 2020
- IT Security Spending Market Analysis highlights the Impact of covid-19 (2020-2026) | Check Point Software Technologies, Cisco Systems, EMC, Fortinet,... - September 29th, 2020
- Schrdingers Web offers a sneak peek at the quantum internet - Science News - September 29th, 2020
- Counter-Terrorism: Raiders Of The Lost Cache - Strategy Page - September 29th, 2020
- Trending 2020: Internet of Things (IoT) Security Market Analysis, Size, Trends and Forecast to 2025| Cisco Systems, Intel Corporation, IBM Corporation... - September 29th, 2020
- IoT coffee machine hacked to demand ransom - IT PRO - September 29th, 2020
- Show me who bans TikTok and I'll show you your (future) allies | TheHill - The Hill - September 27th, 2020
- Lokibot keylogger infections are growing across the internet - Komando - September 27th, 2020
- Evasive Malware Threats on the Rise Despite Decline in Overall Attacks - Infosecurity Magazine - September 27th, 2020
- Internet of Things Security Market size, development, key opportunity, application and forecast to 2026 | Check Point Security Software Technologies,... - September 27th, 2020
- Fears mount over Russian and Chinese hackers targeting the 2020 U.S. presidential election - CNBC - September 27th, 2020
- Internet of Things (IoT) Security market to Witness Increase in Revenues by 2016-2028 - Crypto Daily - September 27th, 2020
- How to leave no trace on the internet when using a VPN? - Techiexpert.com - TechiExpert.com - September 27th, 2020
- 2020 Demand In Internet of Things (IoT) Security Market By Key Types, Regions, Countries, Top Companies Competition, Consumers, Import-Export Forecast... - September 27th, 2020
- How the Pandemic Pushed a Generation of Americans to Discover the Perks (and Risks) of Online Banking - NextAdvisor - September 27th, 2020
- IT Security-as-a-Service Market 2020 By Manufacturers, Regions, Type And Application, Forecast To 2025| Blue Coat, Cisco, IBM, Intel Security,... - September 27th, 2020
- APT groups actively target Linux-based workstations and servers - Backend News - September 27th, 2020
- Critical steps for securing cyberspace - Microsoft on the Issues - Microsoft - September 27th, 2020
- Proven ways to stay ahead of configuration drift - ITProPortal - September 27th, 2020
- Global Embedded Security For Internet Of Things Market 2020 Trends Analysis and (COVID-19) Effect Analysis | Key Players Market With COVID-19 Impact... - September 27th, 2020
- Internet of Things (IoT) Security Technology Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19... - September 27th, 2020
- REMOTE WORKING: PROGRESS AND PERILS - Forbes Africa - September 27th, 2020
- Avoid scam 'DMV' websites | Sedona.Biz - The Internet Voice of Sedona and The Verde Valley - Sedona.biz - September 27th, 2020
- Get In Depth Analysis Of How Covid-19 Is Impacting The Internet Security Software Market - The Daily Chronicle - September 12th, 2020
- Better late than never: Zoom boosts security with 2FA - Verdict - September 12th, 2020
- Show and Tell: The Gryphon Tower Mesh Wi-Fi Security Router - Grit Daily - September 12th, 2020
- Internet of Things (IoT) Security Market 2020 Trends, Market Share, Industry Size, Opportunities, Drivers, Outlook, Analysis And Forecast To 2028 -... - September 12th, 2020
- Ensuring cyber awareness in the healthcare sector - Help Net Security - September 12th, 2020
- Internet of Things (IoT) Security Market Size, Regional Outlook, Competitive Strategies and Forecast by 2026 - The Daily Chronicle - September 12th, 2020
- Internet of Things Security Market, Share, Growth, Trends And Forecast To 2027: Dataintelo - Scientect - September 12th, 2020
- Kaspersky: 37% of internet users in SEA think they won't be targeted by cybercriminals - SoyaCincau.com - September 12th, 2020
- TikTok and WeChat may raise security concerns, but Trump's knee-jerk reaction isn't the way to deal with them - NewsChannel 3-12 - KEYT - September 12th, 2020
- Helping companies prioritize their cybersecurity investments - MIT News - September 6th, 2020
- Rapid7 NICER - starting a conversation on internet security | Company Report - FinTech Magazine - The FinTech & InsurTech Platform - September 6th, 2020
- Kansans are getting letters saying they applied for unemployment. The problem? Some never did. - Pittsburg Morning Sun - September 6th, 2020
- Embedded Security For Internet Of Things Market 2025 Opportunities, Applications, Drivers, Limitations, Companies, Countries, & Forecast - Express... - September 6th, 2020
- Why should you use a VPN on your iPhone and Mac? - Cult of Mac - September 6th, 2020
- 'No longer safe in their classroom:' NHCS remote-learning session hacked, sexualized profanity used - Port City Daily - September 6th, 2020
- How Romania is Solving Technology and Poverty Disparities - Borgen Project - September 6th, 2020
- How government is delivering better election security - GCN.com - September 6th, 2020
- Internet of Things (IoT) Security Market Report: Regional Data Analysis By Production, Revenue, Price And Gross Margin - Kewaskum Statesman News... - September 6th, 2020