Facebook still doesn't know the extent of Russian ad buys in election
"Far less splashy, and far more difficult to trace, was Russia’s experimentation on Facebook and Twitter, the American companies that essentially invented the tools of social media and, in this case, did not stop them from being turned into engines of deception and propaganda.An investigation by The New York Times
, and new research from the cybersecurity firm FireEye, reveals some of the mechanisms by which suspected Russian operators used Twitter and Facebook to spread anti-Clinton messages and promote the hacked material they had leaked. On Wednesday, Facebook officials disclosed that they had shut down several hundred accounts that they believe were created by a Russian company linked to the Kremlin and used to buy $100,000 in ads pushing divisive issues during and after the American election campaign.
On Twitter, as on Facebook, Russian fingerprints are on thousands of fake accounts that regularly posted anti-Clinton messages. Many were automated Twitter accounts, called bots, that sometimes fired off identical messages seconds apart — and in the exact alphabetical order of their made-up names, according to the FireEye researchers. On Election Day, for instance, they found that one group of Twitter bots sent out the hashtag #WarAgainstDemocrats more than 1,700 times.
Russia has been quite open about playing its hacking card. In February last year, at a conference in Moscow, a top cyberintelligence adviser to President Vladimir V. Putin hinted that Russia was about to unleash a devastating information attack on the United States.
“We are living in 1948,” said the adviser, Andrey Krutskikh, referring to the eve of the first Soviet atomic bomb test, in a speech reported by The Washington Post. “I’m warning you: We are at the verge of having something in the information arena that will allow to us to talk to the Americans as equals.”
Mr. Putin’s denials of Russian meddling have been coy. In June, he allowed that “free-spirited” hackers might have awakened in a good mood one day and spontaneously decided to contribute to “the fight against those who say bad things about Russia.” Speaking to NBC News, he rejected the idea that evidence pointed to Russia — while showing a striking familiarity with how cyberattackers might cover their tracks.
In April, Facebook published a public report on information operations using fake accounts. It shied away from naming Russia as the culprit until Wednesday, when the company said it had removed 470 “inauthentic” accounts and pages that were “likely operated out of Russia.” Facebook officials fingered a St. Petersburg company with Kremlin ties called the Internet Research Agency.
Russia deliberately blurs its role in influence operations, American intelligence officials say. Even skilled investigators often cannot be sure if a particular Facebook post or Twitter bot came from Russian intelligence employees, paid “trolls” in Eastern Europe or hackers from Russia’s vast criminal underground. A Russian site called buyaccs.com (“Buy Bulk Accounts at Best Prices”) offers for sale a huge array of pre-existing social media accounts, including on Facebook and Twitter; like wine, the older accounts cost more, because their history makes chicanery harder to spot.
The trail that leads from the Russian operation to the bogus Melvin Redick account,
however, is fairly clear. United States intelligence concluded that DCLeaks.com was created in June 2016 by the Russian military intelligence agency G.R.U. The site began publishing an eclectic collection of hacked emails, notably from George Soros, the financier and Democratic donor, as well as a former NATO commander and some Democratic and Republican staffers. Some of the website’s language — calling Mrs. Clinton “President of the Democratic Party” and referring to her “electional staff” — seemed to belie its pose as a forum run by American activists.
DCLeaks would soon be followed by a blog called Guccifer 2.0, which would leave even more clues of its Russian origin. Those sites’ posts, however, would then be dwarfed by those from WikiLeaks, which American officials believe got thousands of Democratic emails from Russian intelligence hackers through an intermediary. At each stage, a chorus of dubious Facebook and Twitter accounts — alongside many legitimate ones — would applaud the leaks.
During its first weeks online, DCLeaks drew no media attention. But The Times found that some Facebook users somehow discovered the new site quickly and began promoting it on June 8. One was the Redick account, which posted about DCLeaks to the Facebook groups “World News Headlines” and “Breaking News — World.”
The Redick profile lists Central High School in Philadelphia and Indiana University of Pennsylvania as his alma maters; neither has any record of his attendance. In one of his photos, this purported Pennsylvania lifer is sitting in a restaurant in Brazil — and in another, his daughter’s bedroom appears to have a Brazilian-style electrical outlet."
Facebook was aware as early as June 2016 that members of a hacking group connected to Russia's military intelligence unit, the GRU, had begun creating fake accounts to amplify stolen emails. The US intelligence community concluded in January 2017 that the social media operation was part of a larger influence campaign by Russia.
The ads and the accounts that bought them were focused primarily on exploiting divisions over issues like race and immigration.
As previously reported, the fake accounts' destabilizing activity did not stop at controversial memes and hashtags — many organized real-life events,
rallies, and protests that galvanized dozens of people in states like Texas, Florida, and Idaho. Here's what we know so far about how the Russians used one of the biggest tech companies in the world to energize and influence American voters:
-They organized rallies in several states using Facebook's event tool: Russia-linked Facebook groups like "Heart of Texas" and "SecuredBorders" organized anti-immigrant rallies in Texas and Idaho that turned out dozens of protesters in the months leading up to the election. Another group called "Being Patriotic" organized pro-Trump flash mobs across Florida in August 2016.
-They purchased ads that promoted outsider candidates and exploited racial tensions:The ads boosted Trump, Green Party candidate Jill Stein, and Democratic candidate Bernie Sanders, and at least one ad centered on the Black Lives Matter movement. A group impersonating a California-based Muslim organization was also set up to push fake stories about Hillary Clinton.
-They created accounts to amplify emails stolen from the DNC: Members of a hacking group connected to Russia's military intelligence unit, the GRU, reportedly created the DCLeaks and Guccifer 2.0 accounts in June 2016 to help spread emails hacked from Democratic National Committee servers in late 2015.