US Intelligence Keys in on the Russian ‘Troll Army’ Manipulating Social Media

When Facebook posts and tweets blamed Ukrainian rebels for downing a Malaysian jet there last year, U.S. spies studied social media trend lines to gauge public opinion of the Kiev-Moscow conflict.

The number of Facebook "likes”; statistics on retweets and "favorited” tweets; and other social media analytics told one story. But intelligence officials know that, increasingly, autocracies are deploying "trolls" – robotic feeds or paid commentators – to sway social media trends.  So officials say they were cautious when compiling situation assessments.

Such messaging can become dangerous when it casts doubt on ground truth. 

Director of National Intelligence James Clapper depends on open source information in addition to classified material, to provide American decision-makers with objective information. There is a concern that social media campaigns orchestrated by overseas powers could distort open-source intelligence gathering, some US officials say. 

"As various situations unfold in other countries -- and Clapper has got to be able to advise the president and other senior leaders in the government on what are the likely outcomes, what are the range of possibilities -- having the best information possible is crucial," ODNI Science and Technology Director David Honey told Nextgov.

"There are rigorous, rigorous processes to try and always make sure that the information is correct,” he added. “That's where I would worry: If one of our tools gave an incorrect forecast, it could lead to giving bad advice to the senior leadership.”

Already, adversaries have tried to distort online perceptions, he acknowledged, providing the example of the social media swirl around the July 2014 crash of Malaysia Airlines Flight 17.

"There may be a disagreement on the part of Russia on what happened on the aircraft that was downed in that part of the world. And so people will take different data sources and try to use them to their own purposes," Honey said.

Facebook and Twitter analytics help with "sentiment analysis," or understanding how certain groups observe and feel about current events.  

The actual cause of the disaster, which killed all 298 people on board, has become a flashpoint. U.S. ally Ukraine alleges pro-Russian separatists shot down the plane over territory they controlled.

"Russia may be motivated to try and create one impression," Honey said. "Coupled to that is the issue of Ukraine, and again sentiment analysis -- what are the opinions of the people on the ground? What are the opinions of people in Russia? It's all important to us to be able to give an understanding of what does it mean."

The counter-narrative promoted by Moscow’s “troll army” of patriotic bloggers has been that a Ukrainian plane -- not Russian-backed rebels -- shot down MH17. Right now, foreign investigators are probing parts from what might be a Russian-made Buk antiaircraft missile system that were recently discovered near the crash site, according to CNN. 

Reality Checks
The process of differentiating between a real, grassroots social media storm and AstroTurf campaigns in the blogosphere is not an exact science yet, Honey said. The trickiness of discerning fact from fiction also crops up in online punditry during campaign season, for instance, he said.
"Is somebody going and blogging 100 times under different names? How do you figure that out? That's a challenge. And so with any of these technologies, you really have to think through how they can be used, how somebody could game them and make sure that you are getting accurate answers," Honey added.

This is especially true now, because it's fairly easy for computer programmers to create bots -- formulas that chatter online like real users.

To do a reality check, "there are statistical approaches to be able to try to figure out if there are correlations between posts that are just a little too close to be different people," Honey said. While Twitter and Facebook try to police fraud, "the ability to spoof the algorithms that check if it's a human" is a different matter.  The DNI earlier this month published an unclassified five-year science and technology strategy for startups to read, partly so that intelligence analysts can gain insight into tech inventions before nefarious hands do.  

"The people who are developing them at the time aren't the kind of people to abuse technology, so they don't necessarily think through how a bad actor might try to manipulate any of the technology," Honey said. "You've got to be able to think through at some point, hopefully in advance, how they might be misused or how somebody might try to trick you into thinking you've got one thing when in fact you've got something else?”

More than half a decade ago, China pioneered the practice of falsifying social media communications to influence perceptions of Beijing's ruling party.

Chinese Facebook and Twitter conversations surrounding Tibetan civil liberties were a common target.

"This has involved creating fake accounts that publish and/or retweet stories on economic development and ethnic harmony in the region and the use of bots to drown out other voices," said Adam Segal, who researches China and cybersecurity at the Council on Foreign Relations.

In 2012, several hundred bots flooded Twitter discussions using the hashtags #Tibet and #Freetibet with meaningless tweets and spam, Segal noted on the think tank's blog at the time.

"If you were someone trying to learn more about Tibet, you kept bumping up against these threads, and eventually you may have given up and moved on to some other subject," he said.

The Associated Press reported in late May that Serbs receive most of their information about Russia from coerced typists that parrot the Kremlin party line. As a result, there is a widespread belief in Serbia that Kiev officials are neo-Nazi, according to the AP. 

Last month, Forbes columnist Paul Roderick Gregory said an article he wrote the day after the MH17 incident, in which he alleged Russian separatists shot down the plane, has received more than 100 comments from Russian trolls. 

Putin’s keyboard operatives “assert the offending bloggers are CIA spies, professional photo shoppers, forgers, Russia haters, hokhols (a derogatory expression for Ukrainians) -- perhaps even insane,” Gregory wrote in July. “These trolls keep busy by poking holes in the evidence, and the more absurd, the better (false facts, Photoshopped images). Their job is to raise doubts and cause confusion."

A Captive Audience
Now other countries, including Middle Eastern regimes not too happy about the Arab Spring, are staging messaging operations to counter Western views. 

Advocacy group Freedom House noticed that last year, 24 of the 65 countries the organization monitors for online censorship were engaging in some form of pro-government social media tampering, said Sanja Kelly, director of the group's Freedom on the Net project. One recent example: Azerbaijan, which hosted this summer's European Games, took to Twitter to deflect international criticism of its human rights record. At several points in the run-up to the games, pro-government tweets from multiple accounts appeared at roughly the same time, the BBC reported.

The official organizing committee and a coordinated fleet of users tweeted positive images of Azerbaijan's capital, Baku. A large group photo of participants crouching and standing, with national flags from across Europe in the background, carried the message: #Azerbaijan athletes with @azpresident #Azerbaijan #baku2015 #realbaku2015 #europeangames #biginbaku #ilove azerbaijan"

It's hard to quantify the success rate of fabricated online campaigns but anecdotal evidence suggests the oppressors are winning the hearts and minds of the citizenry, Kelly said.

"Just looking at it more from a qualitative perspective, it seems that it is being effective -- because most people cannot tell the difference between a legitimate tweet or a legitimate comment and comments made by these trolls," she said. "If you are the average reader, there would be no reason for you to believe that this exchange” tarnishing the reputation of a dissident “is not legit.”

Based on general studies of regimes that filter Internet content, the governments "are able to propagate their message and hold their population captive, in a way, because they are not able to get alternative sources of information,” Kelly added. 

NextGov

« Snowden Has No Plans to Leave Russia
Anonymous Launches Cyber-Attacks Against ISIS »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

US Cyber Command (USCYBERCOM)

US Cyber Command (USCYBERCOM)

USCYBERCOM conducts activities to ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Potomac Institute for Policy Studies

Potomac Institute for Policy Studies

Potomac Institute undertakes research on key science, technology, and national security issues facing society, Study areas include cybersecurity.

ABL Cyber Academy

ABL Cyber Academy

ABL provide certified training courses in the field of cyber security and IT project management.

Soracom

Soracom

Soracom offers secure, scalable, cloud-native connectivity developed specifically for the Internet of Things.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

Gula Tech Adventures

Gula Tech Adventures

Gula Tech Adventures invests in companies and nonprofits that help close the gap in needed technology and workforce to defend the country in cyberspace.

QuoIntelligence

QuoIntelligence

QuoIntelligence experts can help your team understand the evolving cyber threats and provide simple yet comprehensive recommendations so you can focus on what matters.

CACI International

CACI International

CACI is at the forefront of developing and delivering technological breakthroughs that transform and optimize government operations.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

OneLayer

OneLayer

OneLayer provide enterprise grade security dedicated for private LTE/5G networks. We ensure that the best IoT security toolkit is implemented in your cellular environment.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.