Facebook Fakers Get Better At Covering Tracks

Creators of fake accounts and news pages on Facebook are learning from their past mistakes and making themselves harder to track and identify, posing new challenges in preventing the platform from being used for political misinformation, cyber security experts say.

This was apparent as Facebook tried to determine who created pages it said were aimed at sowing dissension among U.S. voters ahead of congressional elections in November. The company said on Tuesday it had removed 32 fake pages and accounts from Facebook and Instagram involved in what it called “coordinated inauthentic behaviour.”

While the United States improves its efforts to monitor and root out such intrusions, the intruders keep getting better at it, said cyber security experts interviewed over the past two days.

Ben Nimmo, a senior fellow at the Washington-based Digital Forensic Research Lab, said he had noticed the latest pages used less original language, rather cribbing from copy already on the internet.

“Linguistic mistakes would give them away before, between 2014 and 2017,” Nimmo told Reuters. “In some of these newer cases it seems they’ve caught on to that by writing less (original material) when posting things. With their longer posts sometimes it’s just pirated, copy and pasted from some American website. That makes them less suspicious.”

Facebook’s prior announcement on the topic of fake accounts, in April, directly connected a Russian group known as the Internet Research Agency to a myriad of posts, events and propaganda that were placed on Facebook leading up to the 2016 U.S. presidential election.

This time, Facebook did not identify the source of the misinformation.

“It’s clear that whoever set up these accounts went to much greater lengths to obscure their true identities than the Russian-based Internet Research Agency (IRA) has in the past,” the company said in a blog post here on Tuesday announcing the removal of the pages. “Our technical forensics are insufficient to provide high confidence attribution at this time.”

Facebook said it had shared evidence connected to the latest flagged posts with several private sector partners, including the Digital Forensic Research Lab, an organisation founded by the Atlantic Council, a Washington think tank.

Facebook also said the use of virtual private networks, internet phone services, and domestic currency to pay for advertisements helped obfuscate the source of the accounts and pages. The perpetrators also used a third party, which Facebook declined to name, to post content.

Facebook declined to comment further, referring back to its blog post.

U.S. President Donald Trump’s top national security aides said on Thursday that Russia is behind “pervasive” attempts to interfere in November’s elections and that they expect attempts by Russia, and others, will continue into the 2020 elections.

They say they are concerned that attempts will be made to foment confusion and anger among various political groups in the United States and cause a distrust of the electoral process.

Two U.S. intelligence officials who requested anonymity told Reuters this week there was insufficient evidence to conclude that Russia was behind the latest Facebook campaign. However, one said “the similarities, aims and methodology relative to the 2016 Russian campaign are quite striking.”

‘PREVIOUS MISTAKES’
Experts who track online disinformation campaigns said the groups who launch such efforts have changed how they post content and create posts.

“These actors are learning from previous mistakes,” said John Kelly, chief executive of social media intelligence firm Graphika, adding they do not use the same internet addresses or pay in foreign currency.

“And as more players in the world learn these dark arts, it’s easier for them to hide among the multiple actors deploying the same playbook,” he said.

Philip Howard, an Oxford University professor of internet studies and director of the Oxford Internet Institute, said that suspicious social media accounts like those taken down this week were once more easily identifiable because they shared the same information from high-profile publications like RT, the Russian English-language news service, or Breitbart News Network.

But now, the content they often share is more diverse and less discernible, coming from lesser known sites, including internet forums that mix political news with other topics, he said.

“The junk news they’re sharing is using better quality images, for example, more believable domains, less-known websites, smaller blogs,” Howard added.

U.S. intelligence agencies have concluded that Russia meddled in the 2016 presidential campaign using tactics including fake Facebook accounts. The Internet Research Agency was one of three Russian companies charged in February by U.S. Special Counsel Robert Mueller with conspiracy to tamper with the 2016 election.

Moscow has denied any election interference.

Reuters:

You Might Also Read:

Facebook And Fake News

« SamSam: $6 million Ransomware
Cyber AI In the Cloud: Securing New Computing Models, Applications & Devices »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

PrimaTech

PrimaTech

PrimaTech provide process safety, cyber and process security, and risk management consulting, training and software for the process industries.

National Authority for Electronic Certification and Cyber Security (AKCESK)

National Authority for Electronic Certification and Cyber Security (AKCESK)

AKCESK ensures security for trusted services, in particular reliability and security in electronic transactions between citizens, businesses and public authorities.

SenseOn

SenseOn

SenseOn’s multiple threat-detection senses work together to detect malicious activity across an organisation’s entire digital estate, covering the gaps that single point solutions create.

Matias Consulting Group (MCG)

Matias Consulting Group (MCG)

Your Business needs competitive and resilient ICT solutions. MCG defines, deploy & support them enabling you to focus on your core business.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

Ockam

Ockam

Ockam gives you the tools you need to establish an architecture for trust within your connected device applications.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

SecOps Group

SecOps Group

SecOps Group is a boutique cybersecurity consultancy helping enterprises identify & eliminate security risks on a continuous basis.

Normalyze

Normalyze

Normalyze are solving some of the most painful problems enterprise IT security teams face in the cloud and data security space. We help enterprises protect all the data they run in the cloud.

Techmentum

Techmentum

At Techmentum, our mission is to utilize technology to help companies succeed. Our expertise includes fully managed IT services, cybersecurity, cloud, and custom technology solutions.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

CYBHORUS

CYBHORUS

CYBHORUS are a team of Italian cyber security experts, specialized in cyber threat defense and strategic and organizational consulting.

PureID

PureID

Protect your enterprise with PureAUTH #IAMFirewall, Resilient SSO platform, purpose built to provide Passwordless Authentication & Zero Trust Access, by default.

Prequel

Prequel

Prequel is your real-time problem detection and resolution platform, powered by the global reliability community.