One big thing I learned from the @Graphika_NYC report on Roger Stone's inauthentic social media network was just how much of an environmentalist he is. This sock puppet @GladstoneLaura for ex. promoted this Facebook group facebook.com/flforcleanwate… #RogerStone #infosec #osint

The Floridians for Clean Water group really intrigued me as it had some odd memes like this one. And in the process of researching what that was all about I stumbled upon the hashtag #FloridiansForCleanWater #RogerStone #infosec #osint

Looking at the handful of accounts using #FloridiansForCleanWater in 2016 there were 4 accounts (@LifesABeach_1 @Kateopoly @AmandaSwimChamp @JennyBennyPenny) all claiming 2b from different parts of Florida & heavily using this hashtag in a very repetitive manner. #infosec #osint

The accounts used URL shorteners to send viewers to this Facebook page (facebook.com/Floridians-For…) which now redirects to the still live Facebook group at facebook.com/flforcleanwate…. The first tweet in this campaign was on June 26th at 11:55 am #infosec #osint

It quickly became obvious that the accounts were being automated ... likely scheduled within the app Hootsuite to repeat 2 tweets every 10 minutes like shown here. #infoOps #osint #infosec

The campaign soon brought in 2 more accnts so that now four different accounts were rotating every 5 mins. Two accounts tweeted out at the same time & then two new ones 5 mins later. And always 5 mins apart at this point for hours and hours consecutively. #infoOps #osint #infosec

The last rotation of four occurred on 06-28-16 at 11:05 PM. In all, just over 710 total tweets using the #FloridiansForCleanWater hashtag were sent to specific other Floridians tagged in the tweet over roughly a three day period. #infoOps #osint #infosec

So who were these accounts, posing as attractive young female Floridians concerned about clean water issues? They directed over 700 other Florida residents via the tagging method 2 a facebook group called "Floridians for Clean Water". Clearly created specifically 4 this campaign

The tweets coming from these four accounts were automated and scheduled, likely via the app Hootsuite & the tweets were mostly published every 5 mins nearly around the clock. These profiles of daily tweet activity very clearly display significant bot behavior. #infoOps #osint

The profile pics were also not those of Floridian residents. Amanda @AmandaSwimChamp from Orlando Florida was actually model Aneta S. from Prague of the Czech Republic #infoOps #osint #infosec

Kate @Kateopoly of West Palm Beach, Florida was actually model Hayley_Novelli from Sydney Australia. #infoOps #osint #infosec

And Jenny @JennyBennyPenny of Clearwater Florida was really model Anita Sikorska from Poland. A reverse image search for the profile pic used by the account @LifesABeach_1 turned up no matches. #infoOps #osint #infosec

Okay I clearly need to work out bugs on video to GIF conversion. Apologize for that. It properly conveys the series of automated tweets. So this story actually doesn't end here. Most of the tweets had no likes or RTs but a few did and the boosting accounts were VERY interesting.

A significant number of the accnts that liked the #FloridiansForCleanWater tweets were hacked accounts that were turned into soft porn accnts spreading #malware or links to "Dirty Tinder" sites. Most were only active in 2016. And a couple of accounts like this. #infosec #osint

There is alot of data & links to Russian hosted DirtyTinder and/or redirector sites from these Goo[.]gl URL shortened links so extreme caution if you choose to follow any of them. Hope to shed more light on this later. Here's one such account that I fuzzed out a little. #infosec

You can see how this is likely a hacked account given the original tweets from 2012 were mundane tweets of a personal nature and then there is a 4 yrs gap and then links to "Dirty Tinder" related sites hosted on Russian infrastructure. #infoOps #osint #infosec