Thanks to the ongoing Senate hearings on election hacking we are learning about how the Russians interfered with our presidential elections by sponsoring numerous fake social media accounts and even placing advertisements on Facebook, YouTube and Google that targeted people with interest on divisive issues.

But while policy makers are rightfully angered by these platforms’ inability to curb these attacks proactively, it is important to recognize that Facebook, Google, and even some web hosting services were mere vehicles providing a convenient platform for what was a much larger propaganda process made possible by the Internet’s Dark Triad: spearphishing, trolling, and fake news.

It is this trifecta that Vladimir Putin used to interfere with our elections as well elections in Germany and other parts of Europe. And it is this triad that we need to understand and stop.

At the tip of this triad is spearphishing—malware-laden email attachments and hyperlinks that when clicked provide the hacker backdoor access into an individual’s computers and networks. Every major attack from the Chinese military led theft of our F35 spy plane blueprints, to the infamous North Korea-led hack into Sony Pictures, to the Russian hacks into the DNC computers during our elections employed spearphishing. In fact, spearphishing attacks are so easy to craft that the Russians used the help of a 15-year old Canadian-Khazak citizen to conduct the attacks.

Anchoring the other end of the triad is organized trolling campaigns. What started with PR firms attempting to “manage” consumer reviews got co-opted by nation states to hijack online conversations by flooding message boards with vitriolic comments and counter-narratives. Confessions from “professional” trolls in Russia and investigative reports by the NYT’s Adrian Chen show how Russia’s state-sponsored Internet Research Agency orchestrates campaigns using phony social media profiles, interconnected networks of fake friends, even faked LiveJournal blogs for the profiles.

The final dark anchor is “fake news”—the latest form of online propaganda aimed at distorting information and spreading contrarian, even speculative views as real news. Enabling this phenomenon are some of the same phony social media profiles used for trolling along with pseudo “news” websites with seemingly credible names like The Conservative Frontline or The American Patriots, with a presence on multiple social media channels, many directly linked to Russian propaganda channels, providing the critical mass for a story to get noticed.

And as the stories are discussed by various groups the lies get crowd-sourced—arguments are strengthened, connections created, facts added—and quickly the fake news morphs into another more sensational story, spinning further news cycles. Some fake news and trolling campaigns link back to phishing websites, leading to still more breaches and even more fake news.

This was how the Russians influenced our elections. By hacking DNC emails, leaking it via WikiLeaks, and then seeding divisive political arguments, counter narratives, and conspiracy theories through fake news websites and trolling campaigns—such as pointing to the murder of DNC staffer Seth Rich in 2016 as evidence of his involvement in the hack—the Russians made many among us question our democratic processes that ultimately influenced the elections.

Unfortunately, our collective focus today is on organizations like Facebook and Twitter, who have reacted by creating task forces that curate internal lists of fake profiles and identify fake news feeds. Others like,, and the BBC have likewise developed internal task forces that curate lists of fake news and sites. But these initiatives only address small parts of the triad—its trees—and does nothing to stop the forest that is the triad from propagating using a different platform during the next election cycle.

What we need instead is a mechanism to stop the triad completely.

And this can be done because the triad has an Achilles: it is highly coordinated. Attacks usually reuse the same, finite set of social media profiles, web domains, fake news websites, email accounts, and even malware. In fact, the reuse of email profiles and malware signatures was our basis for identifying the source of the DNC hack as being Russian intelligence.

We can thus stop the triad if we develop mechanisms to track such coordination. But this will require a unification of efforts on our end, not the diversified approaches currently in place.

This must begin by the development of a centralized breach reporting system where individuals and organizations can report suspected spearphishing attacks and get remedial help. Such a system could help track attacks and serve as an early warning system to other organizations, who can take effective counter measures to stop further breaches.

A similar mechanism could help stop organized trolling and the propagation of fake news. Rather than the internal policing efforts now being done covertly within social media organizations, what we need is a centralized repository—a WikiFacts page of sorts— where fake profiles, news, and suspicious data from different media websites are continuously reported, flagged, and publicly displayed. This information can be populated by social media organizations, search engines, as well as by user reports. Such a system would directly benefit the general public, who can report and review suspicious information; it can also help smaller media organizations who could directly use this intelligence to forestall any misuse of their platforms.

The Dark triad is a dystopian version of the game of telephone played online using hacked information and fake news. Ironically, the origins of this game can be traced to a medieval game in which players wrote stories that got increasingly distorted as people passed it along—a game called Russian Scandal. Only this scandal is for real.