Traffic networks are vulnerable to disinformation attacks.

Disinformation continues to raise concerns due to its increasing threat to society. Nevertheless, a threat of a disinformation-based attack on critical infrastructure is often overlooked. Here, we consider urban traffic networks and focus on fake information that manipulates drivers' decisions to create congestion at a city scale. Specifically, we consider two complementary scenarios, one where drivers are persuaded to move towards a given location, and another where they are persuaded to move away from it. We study the optimization problem faced by the adversary when choosing which streets to target to maximize disruption. We prove that finding an optimal solution is computationally intractable, implying that the adversary has no choice but to settle for suboptimal heuristics. We analyze one such heuristic, and compare the cases when targets are spread across the city of Chicago vs. concentrated in its business district. Surprisingly, the latter results in more far-reaching disruption, with its impact felt as far as 2 km from the closest target. Our findings demonstrate that vulnerabilities in critical infrastructure may arise not only from hardware and software, but also from behavioral manipulation.