At a glance.
- Facebook takes down coordinated inauthenticity.
- A London court finds against the compilers of the Steele Dossier.
- Natanz as a case of misdirection and strategic ambiguity.
- Emirati catphish?
Facebook takes down coordinated inauthenticity.
Facebook yesterday took action against several networks for violations of the social medium’s policies “against foreign interference and coordinated inauthentic behavior.” The networks were based in four countries: Brazil, Canada, Ecuador, Ukraine, and the US.
The takedown was noteworthy for the prominence of political messaging directed at domestic audiences. The networks in Canada and Ecuador exhibited both inauthenticity and foreign interference (aimed at audiences in El Salvador, Argentina, Uruguay, Venezuela, Ecuador, and Chile). The messaging here had a political dimension as well, but few obvious political commitments, often coming down on opposite sides in matters of electoral politics. Facebook said it was able to connect the activity to “political consultants and former government employees in Ecuador” and also to Estraterra, a Canadian public relations firm. They spent about $1.38 million on Facebook ads. In the aggregate these accounts amounted to 41 Facebook accounts, 77 Pages, and 56 Instagram accounts. The Pages had 274,000 followers. Some 78,000 people followed the Instagram accounts. Estraterra is no longer welcome on Facebook’s platform.
But the networks in Brazil, Ukraine, and the US are in some ways more interesting, because they were taken down for using coordinated inauthenticity to engage domestic audiences. Facebook acknowledged the complexities of finding limits on political speech:
"Domestic campaigns like these raise a particularly complex challenge by blurring the line between healthy public debate and manipulation. Our teams will continue to find, remove and expose these coordinated manipulation campaigns, but we know these threats extend beyond our platform and no single organization can tackle them alone. That’s why it’s critical that we, as a society, have a broader discussion about what is acceptable political advocacy and take steps to deter people from crossing the line."
The activity in Brazil, Facebook said, was linked “to individuals associated with the Social Liberal Party and some of the employees of the offices of Anderson Moraes, Alana Passos, Eduardo Bolsonaro, Flavio Bolsonaro and Jair Bolsonaro,” Mr. Bolsonaro being, of course, Brazil’s current president. This network also bought Facebook ads, but only to the chickenfeed amount of $1500. The operators, however, got a decent bang for their buck: with their 35 Facebook accounts, 14 Pages, 1 Group, and 38 Instagram accounts, the Pages attracted 883,000 followers, some 350 accounts joined the Group, and 917,000 people followed the Instagram accounts.
In Ukraine the coordinated network was “particularly active during the 2019 presidential and parliamentary elections.” It posted about various issues of domestic interest, including Russia’s occupation of Crimea and Ukraine’s relationship with NATO. It also appeared to support some candidates, “including Volodymyr Zelensky, Yulia Tymoshenko, and Petro Poroshenko.” They spent about $1.93 million on Facebook and Instagram ads. Their cost of audience acquisition was noticeably higher than the Brazilian operators. The nearly $2 million in ad buys got their 35 Pages 766,000 followers and their 13 Instagram accounts just 3800 followers.
Finally, the activity in the US was connected to the already banned Proud Boys group, whose attempts to get back onto Facebook the social network was watching. In the course of that investigation they identified a number of inauthentic accounts that the Washington Post connected to former political consigliere Roger Stone, who until his conviction for lying and witness tampering had been an advisor to President Trump. Facebook credits sealed court records in the case of the United States v. Stone, released after a petition by several news organizations, with helping it recognize the coordinated inauthenticity. This network also bought ads, more than the Brazilians but less than the others, not quite $308,000, according to Facebook. 260,000 people followed 54 Facebook accounts and 50 Pages;61,500 people followed 4 accounts on Instagram.
Among the samples of material circulated by the Stone-associated network was a page that asked, "What? Hillary Clinton gets a pass from the FBI but the Democrats want the FBI to investigate Roger Stone?" OK, so arguably a question one might ask, but that's not the point. The point is that the accounts used initially to amplify the question to gain traction were for the most part bogus. One such account was for "President Bernie Sanders." With apologies to anyone named "Bernie Sanders" who's president of a local PTA or garden club, Senator Bernie Sanders (Independent of Vermont) isn't president, nor is he all that likely to be woofing in the interest of Mr. Stone. The President Bernie Sanders posts given as examples are more hostile to Ms. Clinton than they are favorable to Mr. Stone, but the same principal applies: the accounts represent coordinated inauthenticity.
A court decision on the Steele Dossier.
Much of the coordinated inauthenticity in the Stone-linked accounts were active before and shortly after the last US presidential election, between 2015 and 2017. Since then Facebook notes the accounts have tended to fall dormant. Another bit of 2016 election disinformation also resurfaced this week in London, where a British court yesterday found against Christopher Steele's firm Orbis Business Intelligence Ltd. in a defamation suit brought by two Russian bankers, Petr Aven and Mikhail Fridman, whom the "Steele Dossier" falsely alleged to have bribed Russian President Putin in the 1990s. The judge ruled that Mr. Steele has "failed to take reasonable steps" to verify the claim, which has been found to be false. Damages weren't heavy, coming to £18,000 (about $23,000) to each of the two plaintiffs, but they said they welcomed their official vindication. Mr. Steele argued in his defense that the "Steele Dossier" (commissioned, the Wall Street Journal reminds its readers, as opposition research against then-candidate Trump) represented preliminary research, and that he never intended for BuzzFeed to publish it.
Misdirection and strategic ambiguity.
The BBC reports that Tehran says it knows what caused the fire at Natanz, but that Tehran isn’t saying. It looks, however, more like physical sabotage than either an accident or the “kinetic cyberattack” that was the subject of weekend speculation. And whoever’s speaking for the self-described Iranian dissident group, the “Homeland Cheetahs,” appears to have had advance knowledge of the incident, but the putative group materialized from nowhere and increasingly looks like a false flag.
The Washington Post quotes an anonymous “Middle Eastern security official” who spoke on condition that both his identity and nationality be concealed to the effect that the damage was caused by a bomb placed inside the facility. The operation, that source says, was an Israeli effort to “send a message” that would deter Iran from accelerating its pursuit of nuclear weapons.
Here's the background. An explosion and fire at Iran’s Natanz uranium processing center last Thursday is being widely attributed to a cyberattack, by Iranian sources and others. Tehran said that investigators had determined the cause of the attack but were withholding details for security reasons. Reuters says that some unnamed Iranian officials said it was either a US or Israeli cyberattack, but while promising retaliation for any cyberattack against its nuclear facilities, Iran stopped short of publicly blaming either the US or Israel.
Breaking Defense cited Israeli cyber experts who were quick to call the incident a "kinetic cyberattack," but who also said it wasn't an Israeli operation. Over the weekend senior members of the Israeli government, including Foreign Minister Ashkenazi and Defense Minister Ganz, issued soft denials, or non-denial denials, the Jerusalem Post reports, apparently intended to preserve strategic ambiguity.
Before the fire became public knowledge Thursday, the BBC's Persian service said a self-proclaimed Iranian dissident group, the "Cheetahs of the Homeland," claimed responsibility for the sabotage. But, as the AP points out, there's some implausibility in the Cheetahs' self-presentation. The name, for one thing, is an homage to a national soccer team, and the messaging elements are oddly mixed. Could they be an actual dissident group? Sure--there’ve been and continue to be Iranian dissidents. Could it be misdirection, a false flag? That’s equally possible.
So, while satellite imagery and Iranian statements confirm a destructive fire, beyond that it's unclear what happened. It’s worth noting that Breaking Defense's sources understand "cyberattack" expansively, including possible remote disabling of security cameras to facilitate sabotage. And, of course, talk of a cyberattack could itself be misdirection. Many of the observers talking to the press are calling this recent attack as coarse and inartistic when compared to Stuxnet. Accident or conventional sabotage are at least as (and arguably more) probable, as Forbes sensibly notes.
Many of the original accounts of a cyberattack are being sourced to outlets in Kuwait--see, for example, the stories in SecurityWeek and Computing, both of which cite Al-Jarida. Expect cybertensions among Iran and its regional and global adversaries to remain high.
Catphish for the UAE.
An investigation by the Daily Beast has exposed a journalistic persona, one “Raphael Badani,” represented as an international affairs expert whose bylines have appeared in the Washington Examiner, RealClear Markets, American Thinker, and the National Interest.
There is, however, no such guy at all. Raphael Badani’s online pictures were scraped from the unknowing site of a San Diego entrepreneur who had no idea his image was being appropriated. And Raphael Badani’s profile claimed degrees from George Washington and Georgetown Universities, but, sorry, no, he didn’t attend either. In fairness to Raphael Badani, how could he have attended? After all, poor dude doesn’t even exist, and trust us, it’s tough to get through a university program when not only are you not there, you’re not anywhere. You thought distance learning was tough? Try non-existence learning.
The Badani persona wasn’t a lonely one-off, either. It...he?...no, it figured in a network that boasted a lineup of at least nineteen other policy catphish whose general line was to praise the United Arab Emirates and advocate a harder line toward Qatar, Turkey, and Iran, and toward those nations’ proxies in the Levant.
Their work also appeared in Human Events, the Post Millennial, the Jerusalem Post, Al Arabiya, and the South China Morning Post. The catphish were often linked to the Arab Eye and Persia Now, which served as central sites for sourcing their work. Some of the news outlets, notably the Washington Times, have taken down the contributed content with a brief notice. Others still have it up.
Twitter yesterday took down a number of accounts associated with the coordinated inauthenticity, but the whole episode serves as a useful cautionary tale of the relative ease with which it’s possible to place pieces, especially as op-eds in news outlets. It’s even easier if their editorial boards are disposed to a sympathetic hearing of your message.
You may have heard the old saw, the enemy of my enemy is my friend. Or the underworld platitude, keep your friends close but your enemies closer? Here’s another one for us to consider: keep the enemies of your enemies closest of all. They may not have your best interests at heart.