Cyber influence defense: Applying the DISARM framework to a cognitive hacking case from the Romanian digital space

Abstract

One of the main lessons learned in the context of Russia’s full-scale invasion of Ukraine starting in February 2022 is that for- eign information manipulation and interference (FIMI) operations are closely coupled with cyber threats. Regardless of whether cyberattacks are followed by an information manipulation compo- nent and vice versa, the merger of the two can be an early indica- tor of the potential for a conflict to escalate from the cyber area to the ground. Our article is premised on the idea that today’s highly technologised information ecosystem is a fertile ground for cyberattacks and information manipulation in the context of FIMI; more specifically, it enables cognitive hacking, meaning hacking the human mind and human cognition altogether through techno- logical disruption and cyber pressure. Starting from this premise, the aim of the article is to highlight the technological determi- nants of cognitive hacking and identify silent or emerging threats that bypass technological sensors and seek to disrupt and manip- ulate the information environment. The empirical part is based on observation as a descriptive method, which is used to analyse a case of cognitive hacking carried out via a YouTube malvertis- ing campaign targeting Romanian users. This case study is anal- ysed qualitatively by matching the DISinformation Analysis & Risk Management (DISARM) framework with evidence collected through Open-Source Intelligence (OSINT) tools, following an innovative analysis structured according to the purposes, actions, results and techniques (PART) model. The extensive analysis of the identified case shows that applying the DISARM framework to cyber-enabled operations can be useful for anticipating and responding to FIMI threats, even when such operations do not appear to have a spe- cific, immediately identifiable purpose.