The Role Of Russian Influence In The Brexit Referendum Is Unclear

In the 18 months since the Brexit referendum on 23 June 2016 many claims have been made suggesting Russian involvement in attempting to influence the vote. This involvement is argued to include targeted and well-constructed online influence operations designed to sway public opinion through the distribution of disinformation and hyper-partisan content. Similar claims of interference have been made in France, Germany and most notably the 2016 US Election, with the political ramifications ever increasing.

By John Gallacher

This concern of involvement in Brexit is such that UK Government Commons Culture, Media and Sport Select Committee has been tasked with investigating fake news while the Intelligence Watchdog has been urged to look into Russian influence on the Brexit vote. The chairman of the Commons Committee, Conservative MP Damian Collins, has demanded that both Facebook and Twitter supply examples of posts from the Russian ‘troll farm’, the state-backed Internet Research Agency, about British politics, and has suggested that the companies could face sanctions if they do not cooperate.

Despite this pressure, official responses from both Facebook and Twitter have been limited, and what has been provided suggests a very limited involvement for Russia in the online dialogue. Twitter released just a single account that had paid for advertising in the six weeks before the Brexit vote, while Facebook declared that the Russia-linked Internet Research Agency paid for three ads in the lead up to Brexit, totalling 97 cents, that reached just 200 newsfeeds. Collins labelled the analysis from Twitter “completely inadequate”.

 However, nothing has been provided by either platform about non-paid posts. It is this activity, fake accounts pertaining to be genuine citizens and members of the discussion, that has the potential to be far more damaging to genuine political dialogue.

 Due to this resistance to share information, the vast majority of the evidence of Russian involvement has come from academic research. In November 2017 Twitter suspended 2,752 accounts that were announced to have been linked to the Russian Internet Research Agency and involved in the US Election. This led to a flurry of research in the UK investigating whether these same accounts had been involved in the online Brexit discussions. This distributed research has led to sometimes contradictory findings.

 Researchers at the University of Edinburgh identified that 400 of the Internet Research Agency-linked accounts were active in the Brexit conversations, generating 3,468 individual tweets. Larger degrees of involvement have been suggested by researchers at Swansea University who used open-source Twitter data and Russian-style account features to suggest that up to 150,000 accounts linked with Russia tweeted about Brexit in the run up to the referendum. Similarly, researchers at City University London identified 13,493 accounts that tweeted about the Brexit referendum, only to disappear shortly after the vote. Research by BuzzFeed News used a database of 17 million Brexit-related Tweets and applied network analysis to uncover an additional 45 accounts that were shown to interact heavily with the known Russian accounts published by Twitter (suggesting they are being run in a combined way). Of these new accounts, 21 showed a huge spike of activity on 23 June 2016 – the day of the referendum. Following publication of these accounts, Twitter suspended them all.

 Most recently researchers from the Computational Propaganda Research Project at the University of Oxford analysed their dataset of Brexit referendum tweets and found that 105 accounts linked with Russia’s Internet Research Agency published almost 16,000 tweets combined over two 14-day collection periods in the build-up to the referendum. However, they stressed that this represents less than 0.3% of the total Brexit conversation, and that the level of Russian News content shared across the platform was also relatively small.

 From this it is clear that there is not yet a consensus on the level of Russian Involvement. The reason for such disparity is due both to the difficulty of conducting this type of research - attribution in cyber space is notoriously difficult - and to the closed nature of social networking sites in sharing data. Twitter makes at most 1% of all Tweets available at any one time through its search API, and its sampling method is not known. Additionally, historical collection of datasets are not freely available and so research is reliant on datasets collected at the time for different purposes. Comparatively, Facebook is even less open.

Because of this, researchers rely on using sub-optimal metrics, many layers of abstraction and different starting points. Using the list of accounts active in the US election is unlikely to highlight all of the Russian Twitter activity during the Brexit referendum six months earlier, due to likely changes in the accounts used over time, or for different purposes.

The pressure being applied to Facebook and Twitter is sharply rising. Damian Collins has given Facebook and Twitter until 18 January to hand over the requested information about Russian information operations targeting UK politics conducted on their platforms. If they comply, then the degree of involvement in Brexit may become better understood: until then the picture remains unclear.

Once the degree of involvement is established then the real work in investigating the impact that these information operations had can begin – a much more difficult task. 

John Gallacher is a DPhil Researcher in Cyber Security at the University of Oxford. 

You Might Also Read:

Russian Fake Brexit Tweets & Attacks On The UK:

Macron Hackers Linked To Russian Intelligence:

Russia Plans To Shut Facebook For Its Election:

Bashing Facebook Is Not The Answer To Curbing Russian Influence Operations:

« Risky Business - Going Driverless In Moscow
British Police Continue A Secret Snowden Investigation »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

World Privacy Forum (WPF)

World Privacy Forum (WPF)

The World Privacy Forum is a non-profit public interest research group that focuses on privacy and technology issues.

National Defence Radio Establishment (FRA) - Sweden

National Defence Radio Establishment (FRA) - Sweden

The National Defence Radio Establishment (Försvarets Radioanstalt), is the Swedish national authority for Signals Intelligence, also providing Information assurance services to government authorities.

Protenus

Protenus

Protenus provide a solution to proactively monitor and protect patient privacy in the electronic health record (EHR).

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

Sqreen

Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users from attacks.

Cygilant

Cygilant

Cygilant is a SOC2 certified service provider that combines MSSP and Incident Detection and Response (IDR) capabilities managed by global SOCs staffed with trained security engineers.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

Kiuwan

Kiuwan

Kiuwan provide software security solutions with SAST and SCA source-code analysis that fit into your DevOps process.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

CyberGate Technologies

CyberGate Technologies

CyberGate Technologies is a world-class, customer focus cyber security service and consultancy company operating the UK, Europe, Middle East, and Africa.

Deepware

Deepware

Deepware is an emerging AI research company dedicated to exploring the potential of GenAI in both generation and detection.

Permiso Security

Permiso Security

Permiso combines industry leading Identity Security Posture Management with Identity Threat Detection and Response, leaving no place to hide for identity threats lurking in your environment.