7. Countering Denial and Deception

Whaley (2006) further wrote: “Counterdeception is … now standard jargon among specialists in military deception. This useful term was coined in 1968 by Dr. William R. Harris during a brainstorming session with me in Cambridge, Massachusetts.” Harris’s papers, while widely influencing other scholars of deception and counterdeception, are hard to come by. Epstein (1991) cites William R. Harris (1968) “Intelligence and National Security: A Bibliography with Selected Annotations.” Cambridge MA: Center for International Affairs, Harvard University. Other relevant Harris counterdeception papers Epstein cited include “Counter-deception Planning,” Cambridge MA: Harvard University, 1972; and “Soviet Maskirovka and Arms Control Verification,” mimeo, Monterey CA: U.S. Navy Postgraduate School, September 1985.

Bodmer et al. (2012) noted Chinese cyber deception in cyber wargaming (p. 82): “reports of the People’s Liberation Army (PLA) advancing their cyber-deception capabilities through a coordinated computer network attack and electronic warfare integrated exercise.” We found no references explicitly to cyber exercises of cyber-counterdeception.

Rowe used the term counterdeception, we believe he meant what we term here counter-deception; Rowe, N. C. (2004) “A model of deception during cyber-attacks on information systems,” 2004 IEEE First Symposium on Multi-Agent Security and Survivability, 30–31 Aug. 2004, pp. 21–30. Rowe (2003) proposed a counterplanning approach to planning and managing what we term counter-deception operations; Rowe, N. C. (2003) “Counterplanning Deceptions To Foil Cyber-Attack Plans,” Proceedings of the 2003 IEEE Workshop on Information Assurance, West Point NY: United States Military Academy, June 2003. A recent description of counter-deception, “a multi-layer deception system that provides an in depth defense against … sophisticated targeted attacks,” is Wang, Wei, Jeffrey Bickford, Ilona Murynets, Ramesh Subbaraman, Andrea G. Forte and Gokul Singaraju (2013) “Detecting Targeted Attacks by Multilayer Deception,” Journal of Cyber Security and Mobility, v. 2, pp. 175–199. http://​riverpublishers.​com/​journal/​journal_​articles/​RP_​Journal_​2245-1439_​224.​pdf

For a general analysis of denial techniques in cyber-counter-deception (cyber-C-D), see Yuill, Jim, Dorothy Denning, & Fred Feer (2006) “Using Deception to Hide Things from Hackers: Processes, Principles, and Techniques,” Journal of Information Warfare. 5,3: pp. 26–40.

The Economist (2014) “Banks and fraud: Hacking back--Bankers go undercover to catch bad guys,” The Economist, April 5th 2014. http://​www.​economist.​com/​news/​finance-and-economics/​21600148-bankers-go-undercover-catch-bad-guys-hacking-back

Mandiant (2013) APT1: Exposing One of China’s Cyber Espionage Units. http://​intelreport.​mandiant.​com/​Mandiant_​APT1_​Report.​pdf and Appendices.

STIX and the STIX logo are trademarks of The MITRE Corporation. The STIX license states: The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Structured Threat Information Expression (STIX™) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided you reproduce MITRE’s copyright designation and this license in any such copy (see http://​stix.​mitre.​org/​).

TAXII and the TAXII logo are trademarks of The MITRE Corporation. The TAXII license states: The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Trusted Automated Exchange Indicator Information (TAXII™) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided you reproduce MITRE’s copyright designation and this license in any such copy (see http://​taxii.​mitre.​org/​).

Other than a few references to detecting deception in social engineering situations, we found no research on cyber-counterdeception, per se, in general searching of the scholarly literature.

Some (e.g., Bennett and Waltz 2007) would credit “incongruity analysis” to R. V. Jones, and his theory of spoofing and counter-spoofing. See Jones, R. V. (2009) Most Secret War. London: Penguin, pp 285–291: “the perception of incongruity—which my ponderings have led me to believe is the basic requirement for a sense of humour—[concluding]… the object of a practical joke [is] the creation of an incongruity.”

For example, Heuer, Jr., Richards J. (1981) “Strategic Deception and Counterdeception: A Cognitive Process Approach,” International Studies Quarterly, v. 25, n. 2, June 1981, pp. 294–327.Whether or not deception is detected, assessing hypotheses regarding the adversary’s possible courses of action against the evidence provides useful insights into adversary intentions: “The [counterdeception] cell would be tasked to … [look] at the data from the enemy’s point of view. They would need to place themselves in the mind of the enemy, determine how they would develop a deception plan and see if evidence supports it. … The enemy may not be employing a deception plan, but the process will aid in exploring different enemy courses of action that may have been overlooked.” Heuser, Stephen J. (1996) Operational Deception and Counter Deception. Newport RI: Naval War College, 14 June 1996. Bruce and Bennett (2008) wrote: “the failure to generate hypotheses increases vulnerability to deception…One key to Why Bad Things Happen to Good Analysts has been conflicting organizational signals regarding promotion of overconfidence (“making the call”) versus promotion of more rigorous consideration of alternative hypotheses and the quality of information;” Bruce, James B. & Michael Bennett (2008) “Foreign Denial and Deception: Analytical Imperatives,” in George, Roger Z. & James B. Bruce (2008) Analyzing intelligence: origins, obstacles, and innovations. Washington DC: Georgetown University Press.

Gilovich, T., D. Griffin, & D. Kahneman (2002) Heuristics and Biases. Cambridge UK: Cambridge University Press; and Dawes, R.M. (2001) Everyday Irrationality: How Pseudo Scientists, Lunatics, and the Rest of Us Systematically Fail to Think Rationally. Boulder CO: Westview Press.

Heuer, Jr., R. J. (1981) “Strategic Deception and Counterdeception: A Cognitive Process Approach,” International Studies Quarterly, v. 25, n. 2, June 1981, pp. 294–327; Elsäesser, C. & F. J. Stech (2007) “Detecting Deception,” in Kott, A. & W. M. McEneaney eds (2007) Adversarial reasoning: computational approaches to reading the opponent’s mind. Boca Raton FL: Taylor & Francis Group.

See Fischhoff, B., (1982) “Debiasing,” in Kahneman, D., P. Slovic, & A. Tversky, eds. (1982) Judgment under Uncertainty: Heuristics and Biases. Cambridge UK: Cambridge University Press, pp. 422–444.

See Stech, F., and C. Elsäesser (2007) for review of the various counterdeception theories, “Midway Revisited: Detecting Deception by Analysis of Competing Hypothesis,” Military Operations Research. 11/2007; v. 12, n. 1, pp. 35–55.

Heuer, Jr., Richards J. (1999) “Chapter 8, Analysis of Competing Hypotheses,” Psychology of Intelligence Analysis, Washington DC: Central Intelligence Agency. https://​www.​cia.​gov/​library/​center-for-the-study-of-intelligence/​csi-publications/​books-and-monographs/​psychology-of-intelligence-analysis/​

“2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398.” Unit 61398 functions as “the Third Department`s premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence,” Stokes, M.A., J. Lin, and L.C.R. Hsiao (2011) “The Chinese People’s Liberation Army Signals Intelligence and Cyber Reconnaissance Infrastructure,” Project 2049 Institute, 2011: 8, http://​project2049.​net/​documents/​pla_​third_​department_​sigint_​cyber_​stokes_​lin_​hsiao.​pdf