Why Jenny Can’t Figure Out Which Of These Messages Is A Covert Information Operation

We view foreign interference in US and UK elections via social manipulation through the lens of usable security. Our goal is to provide advice on what interventions on the socio-technical election system are likely to work, and which are likely to fail. Strategies that the usable security literature indicates are likely to work are those that (1) avoid overloading the user's primary task; (2) help people understand negative consequences of their actions; and (3) support the long-term education of users with analytic reasoning skills and adequate background knowledge. Several of the responses to election interference proposed by governments and technology companies so far do not abide by these recommendations and are likely to be ineffective

Understanding the role of sender reputation in abuse reporting and cleanup

Motivation: Participants on the front lines of abuse reporting have a variety of options to notify intermediaries and resource owners about abuse of their systems and services. These can include emails to personal messages to blacklists to machine-generated feeds. Recipients of these reports have to voluntarily act on this information. We know remarkably little about the factors that drive higher response rates to abuse reports. One such factor is the reputation of the sender. In this article, we present the first randomized controlled experiment into sender reputation. We used a private datafeed of Asprox-infected websites to issue notifications from three senders with different reputations: an individual, a university and an established anti-malware organization.Results: We find that our detailed abuse reports significantly increase cleanup rates. Surprisingly, we find no evidence that sender reputation improves cleanup. We do see that the evasiveness of the attacker in hiding compromise can substantially hamper cleanup efforts. Furthermore, we find that the minority of hosting providers who viewed our cleanup advice webpage were much more likely to remediate infections than those who did not, but that website owners who viewed the advice fared no better.Organisation and Governanc