Data analytics firm Cambridge Analytica worked with the winning Brexit campaign harvested millions of social media profiles and used them to build a powerful software program to predict and influence choices at the ballot box. / CA on Wikipedia

Company used so called scraping techniques to collect and compute profiles from social networks. Scraping networks stands for automatically collecting data from publicly available social profiles and is an established practice.

While their political campaigns demonstrate the power of Information Warfare, their methodology itself is a common way to gather data from available sources and use it for own operations.

Top ↑

The Methodology

The Cambridge Analytica methodology demonstrates the power of monitoring in an area of ubiquitous social media sources and external databases. As an information warfare “worst practice, it outlines the shift in communication, especially when realizing the global political impact, this gangster-move finally had. 

/ more about the methodology

Top ↑

According to Cambridge Analytica CEO Alexander Nix, the success of Cambridge Analytica’s marketing is based on a combination of three elements: behavioral science, Big Data analysis, and ad targeting. Ad targeting, defined as personalized advertising, aligned as accurately as possible to the personality of an individual consumer.

Cambridge Analytica buys personal data from a range of different sources, like land registries, automotive data, shopping data, bonus cards, club memberships, what magazines you read, what churches you attend. Then Cambridge Analytica aggregates this data with the electoral rolls of the Republican party and online data and calculates a personality profile. Digital footprints suddenly become real people with fears, needs, interests, and residential addresses.

Nix introduced the Cambridge Analytica Methodology while speaking in Hamburg with the words: „My children will certainly never, ever understand this concept of mass communication.

Top ↑

The Attack Chain

  1. An adversary scrapes and steals targets metadata. The adversary uses metadata to create a psychographic profile to identify targets vulnerabilities.
  2. AI-enabled software is used to generate malicious fake video and fake audio content.
  3. Bot armies (aka. sock puppets) strategically pump deceptive content into online information systems. Machine learning-enabled bots to feed content to people most likely to share faked media.
  4. Social news enable widespread sharing and viewing
  5. Misinformation runs rampant online, eroding society´trust in institutions and leading to chaos.

Top ↑

Blueprints for fighting against fraudulent traffic

It takes time and effort to identify and fight ad fraud – but needs to be done to protect advertisers and publishers and increase transparency throughout the advertising industry. 

The good news is that there are blueprints for fighting against fraudulent traffic through a combination of technology, policy, and operations teams.

Before Cambridge Analytica & Facebook, there was the LinkedIn data leakage with data analyst hiQ and Yahoo losing more than 3 Bn emails. – that´s more than

Top ↑

The LinkedIn scandal

How LinkedIn operates

LinkedIn allows users to create profiles and then establish connections with other users. Users create a profile on the site, they can choose from a variety of different levels of privacy protection. They can choose to keep their profiles entirely private or to make them viewable by their direct connections to a broader network of connections all other LinkedIn members or the entire public When users choose the last option, their profiles are viewable by anyone online regardless of whether that person is a member. LinkedIn also allows public profiles to be accessed via search engines such as Google. This comes with consequences!

Top ↑

LinkedIn can be scraped

Data analyst hiQ gathers the workforce data that forms the foundation of its analytics by automatically collecting it, or “scraping” it, from publicly available LinkedIn profiles

Data analyst hiQ then sells to its client businesses information about their workforces that hiQ generates through analysis of data on LinkedIn users‟ publicly available profiles.

Data analyst hiQ offers two products: “Keeper,” which tells employers which of their employees are at the greatest risk of being recruited away; and “Skill Mapper,” which provides a summary of the skills possessed by individual workers.LinkedIn argues that it faces significant harm because hiQ‟s data collection threatens the privacy of LinkedIn users because even members who opt to make their profiles publicly viewable retain a significant interest in controlling the use and visibility of their data. 

Top ↑

In particular, LinkedIn points to the interest that some users may have in preventing employers or other parties from tracking changes they have made to their profiles. LinkedIn posts that when a user updates his profile, that action may signal to his employer that he is looking for a new position.

LinkedIn states that over 50 million LinkedIn members have used a “Do Not Broadcast” feature that prevents the site from notifying other users when a member makes profile changes. This feature is available even when a profile is set to public.

LinkedIn also points to specific user complaints it has received objecting to the use of data by third parties. In particular, two users complained that information that they had previously featured on their profile but subsequently removed, remained viewable via third parties.

Top ↑

LinkedIn maintains that all of these concerns are potentially undermined by hiQ‟s data collection practices: while the information that hiQ seeks to collect is publicly viewable, the posting of changes to a profile may raise the risk that a current employee may be rated as having a higher risk of flight under Keeper even though the employee chose the Do Not Broadcast setting.

HiQ could also make data from users available even after those users have removed it from their profiles or deleted their profiles altogether. LinkedIn argues that both it and its users, therefore, face substantial harm absent an injunction; if hiQ is able to continue its data collection unabated, LinkedIn members‟ privacy may be compromised, and the company will suffer a corresponding loss of consumer trust and confidence. 

Source: (12/2017)

Top ↑

Need Help?

We can help you understand the dynamics of information warfare and develop an appropriate strategy. Request a free web meeting with us to discuss our mentorship program, where we guide you through coaching sessions.

If you’d like to contact us, email or, if you’d prefer to talk in-person, use our online scheduler to schedule your meeting. Axel Hoehnke will be your point of contact. | Client Testimonials