AMITT

The AMITT Misinformation Framework

AMITT (Adversarial Misinformation and Influence Tactics and Techniques) is a framework designed to give responders better ways to rapidly describe, understand, communicate, and counter misinformation-based incidents.

AMITT is a Credibility Coalition Misinfosec working group project. The Misinfosec Working Group is an ongoing, collaborative, open and cross-disciplinary effort to describe online influence campaigns and their components. AMITT comprises much of our recent work on adapting information security (infosec) practices to help track and counter misinformation. AMITT is designed as far as possible to fit existing infosec practices and tools, giving responders the ability to transfer other information security principles to the misinformation sphere, and to plan defenses and countermoves.

The latest version of AMITT is held in the Github repository https://github.com/misinfosecproject/amitt_framework


Describing a Misinformation Incident with AMITT

The language and style of the AMITT framework is adopted from the MITRE ATT&CK framework. The framework is read left-to-right in time, with the entities to the left typically (but not necessarily) happening earlier in an incident. The phases are separated into left-of-boom (purple) and right-of-boom (red), to represent activities before (left) and after (right) an incident is visible to the general public.

Every AMITT component has a unique id (e.g. T0018 Paid targeted ads). To use AMITT, list and share the components you see in your incident, e.g.:

Compiling and reporting incidents is an important aspect of both responding and developing the tools needed to do so. To be effective, those reports should include as much information as possible about the stages and techniques at play in those incidents. We’ve created an html tool to help you with this https://github.com/misinfosecproject/amitt_framework/blob/master/matrix_to_message.html - download it, and click on the boxes that you need in your report. You can then cut-n-paste the list of techniques that it generates at the bottom of the page.


AMITT Extensions

AMITT is a living standard - the current model was built from an analysis of 22 incidents; the techniques listed are a subset of the ones used in misinformation incidents. The model will evolve -

The current tool is the start of a larger toolset to implement the AMITT standard.