Nov 21, 2019

Influencer marketing comes to cybersecurity

Illustration: Aïda Amer/Axios

The cybersecurity community is reckoning with influencer culture for the first time after several popular figures ran paid advertisements on their social media accounts.

The big picture: For years, the world of cybersecurity experts has operated more like a scientific community than a commercial one — and, until very recently, more like a counterculture than a service. The paid posts provided a glimpse of a corporate sponsor-driven future for security specialists surprised to find out that corporations knew who they were.

Driving the news: Several follower-rich cybersecurity Twitter accounts ran individualized promotions for Lenovo's secure line of products and security services, ThinkShield (all tagged "#ad #thinkshield"), sparking immediate pushback from the wider community.

  • The influencer marketer VizSense, not Lenovo, reached out to influencers. It's not clear how much Lenovo was aware of the plan.
  • The influencers who were contacted included a reporter, well-known researchers, a former intelligence operative, executives, a financial tech expert, an AI guru and others. All had more than 10,000 Twitter followers.
  • No one who ran the ads has confirmed being part of this campaign; however, several Twitter personalities posted using those hashtags.
  • VizSense, Lenovo and seven people who appear to have run Lenovo ads related to this campaign — one of whom ran ads in multiple languages — did not respond for requests for comment.

The campaign prompted immediate criticism online, with several security luminaries seeking out and posting screenshots of paid posts.

Between the lines: On Instagram, YouTube and other platforms, influencers with large followers routinely take cash to promote products, often in the fashion industry or entertainment. But this appears to be the first time personality-driven advertisements have been used in cybersecurity.

Several of the influencers who turned down the ads told Codebook that companies could use established, less-controversial methods if they wanted researchers to help increase awareness of security products and initiatives.

  • Researchers are often paid to conduct third-party evaluations of products. They can be brought in to assist in relevant research projects or speak at branded events and webcasts on research topics.
  • "There's nothing wrong with compensated reviews," said Chris Wysopal, co-founder and CTO of Veracode, who noted that VizSense couched an offer to him in terms of paid evaluations of Lenovo wares. "But it didn't look like the tweets people put out were reviews."
  • Wysopal and Jake Williams of Rendition Infosec, who both declined VizSense's offer, noted that they were asked to review Lenovo's ThinkShield based on an information sheet, not a product. Neither felt like they could have evaluated a full product in the time frame VizSense offered.

Zack Whittaker, the security editor for TechCrunch, told Codebook that VizSense approached him over LinkedIn — implying they were at least somewhat aware of his role as a journalist.

  • "It's particularly unethical for a company to actively approach journalists, of all people — ergo, to ask them to violate their ethics — to promote something in exchange for payment," he said, via electronic message.

The irony, said Wysopal, is that the backlash might obscure real progress Lenovo has made since the Superfish incident.

  • "There's a lot of good to ThinkShield, according to what they sent me," he said, pointing to supply chain protections that could fight future Superfish-style problems. "They didn't need to go with this approach."

Go deeper

RNC expands convention search across the Sun Belt

Donald Trump, Mike Pence and their families on the last night of the Republican National Convention in Ohio in 2016. Photo: David Hume Kennerly/Getty Images.

The Republican National Committee is planning site visits over the next 10 days to more than a half-dozen cities — across the South and into Texas and Arizona — as it scrambles for a new convention host, people familiar with the internal discussions tell Axios.

Driving the news: The RNC's executive committee voted Wednesday night to allow most of the convention to move — with only a smaller, official portion remaining in Charlotte — after North Carolina's governor said the coronavirus pandemic would mean a scaled-back event with social distancing and face coverings.

Oil faces tough road back from coronavirus

Illustration: Aïda Amer/Axios

Oil companies in the battered shale patch are starting to bring back some production as prices climb, but a new report underscores how the pandemic is taking a heavy financial toll despite signs of revival.

Driving the news: Fourteen North American producers have filed for bankruptcy thus far during the second quarter, per a tally from the law firm Haynes and Boone, which closely tracks the sector's finances.

2 hours ago - World

Hong Kong legislature bans insults to Chinese national anthem

Activists holding a candlelit remembrance outside Victoria Park in Hong Kong on June 4, 2020, to mark the 1989 Tiananmen Square crackdown. Photo: Anthony Wallace/AFP via Getty Images

Hong Kong’s legislature approved a bill Thursday that makes insulting the "March of the Volunteers," the Chinese national anthem, illegal, AP reports.

Why it matters: It did so on the 31st anniversary of the Tiananmen Square protests, when Chinese troops opened fire on pro-democracy activists in 1989. The death toll has never been released, but estimates vary between hundreds and thousands.