Meta quarterly “Enemy Threat Report” paints a somewhat depressing picture of the once feared global troll ecosystem: a number of “relatively uncomplicated” organizations trying unsuccessfully to spam their way to relevancy. But just because they don’t do a good job doesn’t mean we can lower our guard.
The report characterizes various forms of hacking and attempts to manipulate online communication, but is sad to read. A handful of people in Greece or Pakistan or Russia in some rundown office, working 9 to 5 and getting hit by automated systems before they can cause any serious harm.
A common theme among most threats is impersonation, where attackers create fake accounts of real people or create original ones using things like AI-assisted content creation. Using the networks of these accounts, often imitating attractive young women, they contact people around the world and try to get them to click on links to malware or fake apps and services.
Needless to say, don’t trust any beautiful stranger you meet online – or anywhere else, for that matter. But the tools they use are often not the most up-to-date, Meta security authors note:
This attacker is a good example of a global trend we’re seeing where low sophistication groups are choosing to rely on commonly available malware tools rather than investing in the development or purchase of sophisticated offensive tools.
There were also several groups running farms ranging from a few hundred to several thousand accounts that were involved in mass reporting and content gathering on Instagram, Facebook and other social media. These groups are usually ideologically driven and target various ethnic groups, religious groups, and political opponents. Some Greek extremists have gone too far (as extremists usually do – it’s right there in the title) and ended up in a winch situation:
According to public reports, individuals associated with this activity have been linked to the kidnapping of a high school principal to conduct COVID-19 screenings. They brought him to the police to report a violation of the constitution, which led to the arrest of the kidnappers.
A good reminder that online harassment often spills over into the real world. Becoming the target of an angry online mob is an increasingly serious threat to your own safety.
The longest part of the Meta Report details Cyber Front Z, a Russian troll farm. first reported by journalists in the country. They tried to organize an astroturfing campaign around the Russian invasion of Ukraine, but, as the report says, “this deception operation was clumsy and largely ineffective.”
There were about a thousand accounts with 50,000 or so subscribers, and the Telegram channel had twice as many. Essentially, the plan was to request real activity from followers — like, “Let’s shout this activist down” — and then fake engagement using fake accounts to make it look like a real mass action is taking place.
Unfortunately for them, the activity was quickly detected and stopped as much as possible. They didn’t seem to care much about appearing to be mob instigators, sometimes publishing opposing views in English and Russian in a matter of minutes. As with other farms, activity patterns indicated that those who were paid to publish on behalf of the organization were likely doing so simply as a side job. (It also helps to explain non-professional methodology.)
All of these networks posted on a fixed schedule with a fixed workday schedule, seven days a week, with a slow start in the morning and a surge towards the end of the day – perhaps because the operators rushed to meet their posting quotas.
While this all sounds pretty innocuous, even a little pathetic, remember that these operations are the background noise of the security world, just like there are always a few real-life scams and scams going on in any city. The fact that they are easy to detect and close is good, but experienced groups are working on much more dangerous things, such as large-scale hacks and more successful manipulation of public opinion. What we can see happens in the rear quite often.
Credit: techcrunch.com /