Skip to content
Naked Security Naked Security

Facebook bans midterm-meddling accounts and pages

Facebook says it has removed 32 Pages and accounts from Facebook and Instagram for violating its policies.

In November the USA faces its midterm elections for House and Senate and Facebook has spotted what it thinks are efforts to screw with them.
On Tuesday, the platform announced that it has removed 32 Pages and accounts from Facebook and Instagram because they were involved in the same type of “coordinated inauthentic behavior” – behavior that’s against Facebook policy – that meddled with public discourse and the 2016 US presidential election.
Facebook can’t tell us who’s behind the coordinated accounts, it said: it’s still in the “very early stages” of its investigation and doesn’t yet have all the facts, but will update its post when it gets more details or if the facts change.
It’s sharing the information now because of what it calls a connection between “bad actors” and protests scheduled for next week.
On 12 August, the Capital will be the staging ground for another Unite the Right Rally that will attract white supremacists and neo-Nazis to town. Once again, as in the 2017 rally, they’ll be met by Black Lives Matter counter-protesters. Last year’s Unite the Right rally in Charlotte, North Carolina, resulted in violent clashes and the death of a 32-year-old woman when a driver plowed into a group of counter-protesters.

What Facebook knows

Whoever set up the banned accounts did a much better job at obscuring their true identities than the Russian-based propaganda factory known as the Internet Research Agency (IRA) has in the past. Facebook thinks it deserves credit for that: it’s made changes that mean that bad actors have to jump over higher hurdles to do their skulduggery.
For example, this recent crop of bad actors have used Virtual Private Networks (VPNs) and internet phone services to cover their tracks. They’ve also paid middlemen to run ads on their behalf. Facebook says that the banned accounts and Pages ran about 150 ads for approximately $11,000 on Facebook and Instagram, paid for in US and Canadian dollars. The first ad was created in April 2017, and the last was created in June 2018.
Some of the behavior is consistent with what Facebook saw from the IRA before and after the 2016 elections, it said. The social network has also found evidence of some connections between the recent fake accounts and the IRA accounts it purged last year. Facebook has noticed at least one difference, though: so far this year Facebook hasn’t seen any Russian IP addresses crop up.
The banned pages were picking up a good number of followers before Facebook shut them down: in total, more than 290,000 accounts followed at least one of the pages, the earliest of which was created in March 2017. The latest was created in May 2018.
The most followed Facebook Pages were “Aztlan Warriors,” “Black Elevation,” “Mindful Being,” and “Resisters.” The remaining Pages had between zero and 10 followers, and the Instagram accounts had zero followers. Warriors of Aztlan, for one, still has a Twitter account. It tweets out pro-Native American, progressive content. Shown below is a sample of its Facebook content, as well as content from the banned pages of Resisters, Black Elevation and Mindful Being.

Resisters also created a Facebook Event for a protest on 10-12 August – a protest that got real people to support it. The Event, “No Unite the Right 2 – DC”, was scheduled to protest the Unite the Right rally next week.
Facebook says that fake admins of the Resisters Page connected with admins from five legitimate Pages to co-host the event. The legitimate Pages unwittingly helped build interest in “No Unite Right 2 – DC” and posted information about transportation, materials and locations so people could get to the protests, Facebook says.

Facebook disabled the event on Tuesday and told the admins of the five other Pages what was going on. Facebook also updated a large group of people who were interested in the event: the event interested about 2,600 users, while more than 600 users said they’d attend.
It’s those interactions with legitimate Pages that helped Facebook determine which accounts were put up by the Russian election meddlers last year, the company said. The same kind of ties can be found between last year’s bad actors and the most recently banned accounts and Pages.

Specifically, Facebook found that one of the IRA accounts it had disabled last year shared a Facebook Event hosted by one of the most popular fake pages: the Resisters Page. Resisters very briefly had a co-administrator (for a whopping 7 minutes) that was a known IRA account.
These discoveries helped Facebook uncover the other fake accounts it disabled on Tuesday, it said.
Facebook says that it “may never be able to identify the source” for the fake accounts. Facebook’s chief security officer Alex Stamos:

The set of actors we see now might be the IRA with improved capabilities, or it could be a separate group. This is one of the fundamental limitations of attribution: offensive organizations improve their techniques once they have been uncovered, and it is wishful thinking to believe that we will always be able to identify persistent actors with high confidence.

But just because attribution is tough doesn’t mean Facebook isn’t doing something, Stamos said. Facebook doesn’t need to confidently attribute identity, or links to foreign actors, in order to enforce its policies against those who violate them, he said.
Facebook’s plan: to work “much more closely with law enforcement and other tech companies to better understand the threats we face.”

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!