Countering 5G Conspiracy Theories

This is Recorded Future, inside threat intelligence for cybersecurity.

Dave Bittner:

Hello everyone, and welcome to episode 186 of the Recorded Future podcast. I'm Dave Bittner from the CyberWire.

The global transition to 5G mobile technology is well underway, with ongoing network build-out and increased availability of 5G-enabled devices able to take advantage of the increased speed and capacity of the next-generation network. The transition, however, has attracted an odd type of controversy, primarily from conspiracy theorists who claim that 5G is responsible for everything from brain cancer to COVID-19, or that it’s some sort of high tech mind-control system put in place by some secret global governing body. Most find these ideas farfetched and absurd, but there are enough people out there who follow this line of thinking that it presents real security issues for the companies who are responsible for installing and maintaining these networks. Joining us this week is Dave Brown, cyber intelligence professional at telecommunications giant BT. One of his primary responsibilities is protecting the people and infrastructure responsible for making 5G a reality. He shares his insights on the tools, tactics, and procedures he uses to counter the flood of misinformation, and to ensure the physical protection and availability of 5G for consumers, businesses, and the public sector alike.

Dave Brown:

I didn't actually join as an intelligence professional. I fell into it accidentally, if you like. I started off at the army many, many years ago, back in the 80s, where I was employed as a combat medic on disposal of chemical weapons, that operation called Op Alamanda and Operation Apple, which was digging up and disposing of mustard gas from World War I that had been buried after the war and forgotten. I got into becoming a little bit of an expert on CBRN then. Did my normal career, deployed in the Gulf War, that kind of thing.

Big change came, actually was 1995, when the Tokyo attack on the Shinrikyo on the Tokyo underground. The British army decided it needed a response team to CBRN terrorism. And as I'd just come off my instructor's course, I was actually tasked with forming a medical team, training, equipping and a big part of that was the intelligence background. I then decided to educate myself through the army and there was a lot of short university courses, which I attended and I spent quite a few years attending these things, which eventually led us to get a certificate in terrorism studies. And then I progressed under my post grad, then onto my Masters.

During my career, as well, I was also deployed to operations, like the Middle East or the Balkans Yugoslavia, former Yugoslavia. I briefed guys on the warring factions intelligence background. Like I say, it was something I just emerged naturally just as part of my day job rather than being actually employed as an intelligence analyst. But obviously I had an interest and a little bit of a talent for it so when I left the army, I was employed by BT and the vacancy came up for the intelligence analyst so I applied, got the job. And here I am. It's eight years later amongst conspiracy theories. It's been an interesting journey, if nothing else. Like I say, all quite accidental. Apart from the actual university courses, none of it was really planned. I just almost grew into it naturally. Was always an area of interest, so it's something I enjoy as well as doing for a living, which is a big help.

Dave Bittner:

And so what is your day-to-day like these days at BT? What sort of things take up your time?

Dave Brown:

Well, I monitor for any emerging threats to the business. Basically no day is the same. At the moment I'm actually specifically employed checking for the anti-5G threats as a result of the stuff I had detected earlier on in the year with COVID. I developed an operation and we focus, my area of responsibility was focused on that. Normally however, I'd deal with direct action threats, any protests, demonstrations, any kind of extremism that could potentially impact on the business, either directly or through targeted threat or indirectly, there's a big protest, it's near one of our facilities, then that can be a problem. That's one of the things.

The other one is, and it's linked to it, is the hacktivist threat things like the Million Mask March, where you've got Anonymous on the streets and you've also got the associated cyber threat from the hacktivist group on the back of that as well. Again, this is related to direct action is the event's persistent threat actors, i.e., influence operations, how Russia, China, et cetera, malicious state actors will sort of use Twitter and social media to generally stir up the direct action campaigns itself.

We saw that quite a lot during 2016, the U.S. election. I monitored that and noted that there was some activity. One incident was pro and anti-Trump meetings were being organized and spread about by Russian actors to sow a conflict between the two opposing factions, which is the Gerasimov Doctrine of basically subverting a nation state by other means.

I have a very broad area of responsibility when you look at it from that perspective. But the bottom line is anything that happens globally that can impact us locally is probably the simplest way I can describe what I do.

Dave Bittner:

Well, we're going to spend some time today digging into some of these 5G conspiracy theories that have been linked to COVID-19 and where those have taken you. Can you give us a little of the backstory in history? My recollection is that, well gosh, I suppose as long as we've had cellular networks, there've been conspiracy theories about them.

Dave Brown:

Yeah, yeah, that's right, Dave. The 5G, it, emerged from 4G, which in turn emerged from 3G. I'm sure if we went back to the years of Alexander Graham Bell, there was probably somebody saying, "That thing's going to give you brain cancer," or something now. Yeah. But yeah, it's been a long term thing and it's something that we've, what I said is we kept the weather eye on it. An example of that was 2019 during Glastonbury Festival, where AE, who's is one of our partner companies, part of BT really, was setting up for 5G at the festival for communications and there was a lot of anti-5G direct action activity there. Wasn't so much of a physical threat was more leaflet, the more peaceful side, but what it did, it put them more on radar than they had been.

There's always been threats and vandalism, that kind of thing for a long time, but we know that was becoming a bit more organized, a bit more growing in intensity. Again, it wasn't one of our high priorities. It was just a priority amongst many others, but we did keep an eye on them, set up alerts, that kind of thing.

When COVID happened, the narrative very much changed. The language changed. It became a bit more virulent, a bit more fearful, a bit more angry and it was decided then that we probably needed to up the ante ourselves and to monitor these people. It was back in March when I identified that guy called Mark Steele, he’s the head of the Save Us Now movement and he's been a major driver behind some of the conspiracy theories.

It was encouraging others to commit arson basically but in such a way that it was just about staying within the law. But the result of that, we saw an explosion of hashtags, not just down to this one individual, it was across the board snowballed. And then the direct linking of COVID to 5G technology did seem to initiate a spread of arson attacks.

And in April 2020, we had a real problem. We were seeing several attacks every week. Each attack was approximately 300,000 pound sterling, which was untenable to carry on not intervening. We decided to do an intelligence-driven response. We reached out to partners and stakeholders and then, more or less at a single coordinated point and that included inviting commercial rivals, who were suffering the same problems we were.

It made sense to unite against the common enemy for want of a better phrase. Yeah, and then from there, it's just been a case of learning the techniques and the ideology and methodology of the activists concerned and adapting our response to meet their changing tactics. We still suffer attacks, there is a lower tempo, but still a genuine threat. And obviously, each attack is very expensive so it's something that we focus on. I'm dedicated to focus on it at the moment.

Dave Bittner:

Can you give us some insight into what that must have been like, because as you and I said, there's always been conspiracy theories about cellular technology, does it cause brain cancer and so on and so forth? And it seems like, COVID-19 was a catalyst for folks to take that to the next level, but I can't recall and perhaps I just simply am not aware. I can't recall a coordinated campaign to destroy the technology in the way that these folks were coming at this.

Dave Brown:

No, that ties in pretty much with what we're seeing. There were individual attacks and previously telecoms communication technology, we'd had attacks back in 2012 on telecoms infrastructure, mainly from anarchists, specifically the Bristol area, linked to the informal Anarchist Federation who are still active and remain a group of concern to us. There'd be things like, say November the 5th, for instance, Million Mask March, but that's also bonfire night in the U.K., fireworks nights where we celebrate the failure of the Gunpowder Plot and one of our partners, MBNL who coordinate and deal with this security response, our intelligence, they attended a deal with a few phase rounds about that time. Whether that was ideologically driven or not is not certain really, because you've got people with fire wishing, or people with fires, then the temptation is, well, let's set something on fire so it's not necessarily ideologically driven.

What we noticed in 2020 was the ideological drivers seemed to gain more traction amongst a wider audience. I believe personally, I believe one of the reasons for that was lockdown. It was a combination of fear of the novel virus and the situation which was combined by the agitators let's just say, of the dangers of 5G technology, i.e., 5G was causing the COVID was one of the theories and put simply fear with boredom being locked down and more people online getting into these forums, looking up COVID and then maybe coming across 5G. I think that led to a bit of a snowball effect and people who would normally not be involved in conspiracy theories and things like that got involved.

Regarding it being coordinated, we certainly thought it was coordinated in the early days, but again, my view here was more or less inspired. The main actors, people like Mark Steele were radicalizing people online and this was being spread. And another event that was happening which aggravated the situation was the rollout of 5G, coincidentally there were a lot of masts being built during lockdown. And another part of the theory was that lockdown was created so that the 5G masts and the technology could be rolled out without any opposition which again, raised suspicions in the mind of the activists. It was pretty much a perfect storm.

One of the good news, I suppose, was the linking of the COVID to the 5G, i.e., COVID causes 5G was obviously pretty outlandish. And that was debunked and a lot of people online were mocking it but there seems to be almost an evolution of the conspiracy theories over the following months and the ideology and the rhetoric seems to adapt to meet whatever geopolitical situation is developing at the time.

It's moved away from the COVID-5G link and what it's become now is that COVID is a pretext for the imposition of the new world order, agenda 2030, agenda 2021 and that 5G is actually the backbone of an Orwellian surveillance state. Which is far more difficult to counter when you've got people who are being arrested for protesting and feeling their human rights will be limited. Then this new theory that it's a surveillance grid resonates with far more people than the initial one, which was a bit of a tinfoil hat one for want of a better expression.

What we've seen is the anti-lockdown and the COVID vaccinations. One of the rumors, the COVID vaccination contains nanoparticles which facilitates a 5G tracking technology and everything has become intermingled. We've almost got a perfect storm of conspiracy theories and 5G is the backbone of this and it's extremely difficult to counter.

Dave Bittner:

Yeah. Can you give us some insight, so when you say that you've taken an intelligence-driven response, can you give us some information, what goes on behind the scenes there? What sort of intelligence are you gathering? How do you go about doing that? And how has that led to a success here? Because you have seen a decline in the attacks.

Dave Brown:

Yeah, well, the main thing was liaison and cooperation between partners. We're in contact with other stakeholders who share information and intelligence. It tends to come to me and I will clear any of the intelligence, cross refer it, check the reports. From my own perspective, I use multiple sources. I use HUMINT, I use Recorded Future and other platforms. I also have a really great partnership with one of our data scientists, Dr. Jonathan Roscoe, who's done some fantastic work in analyzing data, hashtags, usernames, and patterns of attack, that kind of thing, which gives us an easy visualization of where hotspots of activism or hotspots of 5G attacks are developing. This information then is collated, analyzed, and we pass it onto our MBNL rep, John, who sends it out to his guys and they make the security decisions. He has his contacts with the actual security teams.

If we identify area of specific concern, i.e., streets or a town of specific concern based on intelligence, HUMINT, messaging, increase in certain hashtags, increase in certain phraseology, we will then make the decision whether or not to increase the security threat there and things like deployment of cameras and covert and overt security teams and so on are some of the mechanisms that are used. Obviously I'm not going to say everything that we do. But basically it's good partnership.

We also liaise with law enforcement if we come across any actionable intelligence related to individuals, a government agency as well. For instance, if we come across a webpage which is spreading disinformation or threats, then we can actually ask to have that particular page taken down. We're very, very mindful of using that tool and tend to only request anything if it is a physical danger to individuals or infrastructure or if it's actually unlawful behavior, if it's disinformation, that's likely to lead to a genuine threat.

We're not in the business of censorship across the board because that would be counterproductive and it would reinforce the narrative. If somebody is just debating something, then sometimes it's best to let the debate continue if it's genuine concerns. Otherwise, when people are arguing that they're in COVID 1984 censorious police state, it could be counterproductive to create a situation where you're reinforcing that narrative. It is a very delicate balancing act. And me personally, I'm fully aware of human rights and liberty and freedom and freedom of speech concerns.

Dave Bittner:

What are the take homes for you? What are the lessons that you've learned having been through this experience? Things you can share with other folks around the world who may be faced with similar situations in their own world, any words of wisdom?

Dave Brown:

Probably something I can paraphrase from Winston Churchill, which is basically that a lie can get around the world before the truth has even got his trousers on. It's actually the speed of how disinformation can take hold and pass and gain traction amongst ideologues. And one of the things to probably take away is to understand the mindset of, I wouldn't say opponent, but the mindset of the people who you're trying to counter, because only by understanding why they're acting in a way, gives you an ability to maybe predict and preempt how they're going to behave under certain circumstances. Understanding why they're doing something often gives you an insight into the how and potentially the where and the when, using the Kipling principles.

Understand who you're dealing with is the bottom line. Understand the theories without necessarily agreeing with them. There's always that danger, you get too far down the rabbit hole, start to believe the stuff yourself if you're not careful.

Dave Bittner:

Right, hmm, maybe they have a point.

Dave Brown:

Yeah, yeah, it does happen. Believe me. I'm turning into Fox Mulder at the moment. It's almost like being trapped in an episode of the X-Files at times. But my job actually, my job is to get to the truth of the matter. From lies often you will find the truth and the truth is whatever the veracity of the theories, whatever these people believe, whether it's true, false, or whatever, the reality is, it results in very real threats against our infrastructure and our people and my job's to protect that. It really is a case of learning, understanding in order to protect people and property.

Dave Bittner:

Our thanks to Dave Brown from BT, for joining us.

Don't forget to sign up for the Recorded Future Cyber Daily email, where every day you'll receive the top results for trending technical indicators that are crossing the web, cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses, and much more. You can find that at recordedfuture.com/intel.

We hope you've enjoyed the show and that you'll subscribe and help spread the word among your colleagues and online. The Recorded Future podcast production team includes Coordinating Producer Caitlin Mattingly. The show is produced by the CyberWire, with Executive Editor Peter Kilpe, and I'm Dave Bittner.

Thanks for listening.