The ongoing phishingIndividual Information War attacks aimed at popular webmail applications are (amongst other things) a massive individualized reputation attack against the holders of those accounts. Friends, customers and contacts all read in bemusement as they receive emails requesting funds from previously trusted cohorts via the email addresses they have used to communicate with them for many years  [in the case of hotmail for potentially thirteen years].  An email address is a personal brand and therefore when it is compromised the consequences can be highly damaging.

Destroying or attacking brands isn’t a new idea, however it is acquiring more potency with the ubiquitous use of social media and the ability to seed negative themes about brands now massively distributed — rather than concentrated in the hands of a top down media system. The company Interbrand produces an annual list of the most valuable brands and goes so far as to ascribe a dollar figure to the brand itself.  Examining the methodology for ascribing a dollar figure to the brand also illustrates how the brands are more vulnerable than ever before to being disrupted at critical points in their value chain particularly where the brand connects with the customer or potential customer.  Disconnecting customers from the brand can clearly be achieved by a targeted use of disinformation emanating from the lower reaches of the world’s wired social networks.  Most companies have experienced some version of this, one of the most long-standing examples is the disinformation campaign mounted against Starbucks, which in its various iterations claims the company refused to ‘give free coffee to western troops fighting in [insert name of war]’.  Starbucks have used the web to deny this but still the message continues to be re-worked and re-used.  It has become clear that the only way to fight an online crowd is with another online crowd but those cannot be simply manufactured but building up online supporters is as important as building loyal customers.

Much of this isn’t news but the ability to apply these principles at an individual level within any given society is becoming more pronounced.  Attacking an individual’s reputation by either hijacking their online identity or surrounding their virtual identity with damaging information is currently a relatively easy proposition.  Anyone savvy enough to know how a search engine is powered, how to manipulate social networks and how to sign-up for the myriad of free online networks and services can launch devastating reputation attacks against individuals by hijacking or smearing their personal brand.  Very little technical knowledge is required to be effective.  This is likely to become a significant trend in the near-term as digital natives play out rivalries in virtual spaces leaving employers, credit agencies and any other outside assessor bemused by how to assess the human sitting in front of them.

So what are the potential solutions to this problem?  There certainly appears to be room for services, which monitor protect and defend virtual brands – this has been happening at a company level but has not migrated down to an individual level [spinhunters appeared to be operating in this space – the blog post on reputation nightmares for CEOs is particularly instructive]. But this is all first generation attack and response planning — second generation activity in this space is potentially much more devastating.  The professionalization of hacking combined with the collection of data scraped from a variety of digital sources means that sophisticated disinformation campaigns can be aimed at any of the brands listed by Interbrand and no doubt could put a significant dent in the dollar figure ascribed to them.   A well designed and well-targeted information attack would also hamper the brands ability to respond by disrupting internal systems and surrounding key executives with a kind of micro-information war.

What is the response to this?  Can you build an early warning system?  Are there Information Warfare Minutemen?  The answers are hard to discern but finding them will form a critical part of defending individual and corporate brands.  Programs can certainly be put in place now to understand the information patterns swirling around individuals or organizations – getting and understanding a baseline of the information terrain you are currently operating within should now be a key security metric.