Share this page!

Ben Nimmo Profile picture
Twitter logo
3 Mar, 8 tweets, 3 min read
Five takedowns for CIB from the @Facebook investigative team last month.

Thai military, domestic targeting
Iran, targeting Iraq, Israel, Afghanistan, UK
Iran, domestic + regional
Morocco, domestic focus
Russia, targeting the Navalny protests

Link: about.fb.com/news/2021/03/f…
A range of behaviours here. Influence ops take many forms.

Fake a/cs posting to multiple pages to make content look popular
In-depth personas to seed geopolitical content
Large numbers of fakes to spam hashtags and geotags
GAN-generated faces, in bulk, but sloppily done.
First, the Thai Military’s Internal Security Operations Command.

About 180 assets, esp. active in 2020, posting news, current events, pro-military and pro-monarchy content, anti-separatist.

Stock profile pics, some posing as young women.

Found by internal investigation.
Iran (1): about 450 assets, mostly accounts, targeting Iraq, plus Israel, Afghanistan, the UK/Scotland.

Almost non-existent engagement, and - a nice touch - they took a day off on the anniversary of the Islamic Revolution in Iran in February 2021.
Iran (2): <30 assets posing as geopolitical analysts and news outlets, mostly created late 2020.

Posted about domestic issues (pro-gov't), supporting Iran's foreign policy, criticizing US and Saudi foreign policy. As so often with Iranian IO.

Found by internal investigation.
Morocco: about 400 assets.

Amplifying content in groups, and posting comments and pro-government, anti-opposition content.

Initial lead from @amnesty.
Finally, Russia. 500+ recent fake Instagram accounts targeting pro-Navalny protests.

Spammed protest hashtags & geotags w/ negative / irrelevant content. Detected and disabled soon after they started.

Hashtags incl Путинуходи, СвободуНавальному (Putin Leave, Free Navalny).
The accounts looked bulk-created and bought. Some also posted about fashion.

Some used sloppy AI-generated profile pics, which is a tactic that keeps cropping up in influence attempts. But it can make them easier to spot by eyeball, and doesn’t change behaviour signals.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ben Nimmo

Ben Nimmo Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @benimmo

Ben Nimmo Profile picture
5 Feb
Some personal news: today’s my last day at @Graphika_NYC.

My team did amazing investigative work and research into influence ops from Russia, Iran, China and many other places.

We’ve broken new ground, and I couldn’t be more proud of the team @camillefrancois and I built.
Next week, I’m starting at Facebook, where I’ll be helping to lead global threat intelligence strategy against influence operations.

I’m very excited to join one of the best IO teams in the world to study, catch and get ahead of the known players and emerging threats.
As a community - platforms, researchers and journalists - we’ve all come a long way since the dawn of this field of research.
Read 13 tweets
Ben Nimmo Profile picture
4 Feb
JUST OUT: Update on pro-China op Spamouflage Dragon.

Still spammy, but prolific and persistent, and getting some traction for the first time.

Over 1,400 videos in the last year.

Including geopolitical rivalry with the US.

@Graphika_NYC report: graphika.com/reports/spamou…
Spamou works on YouTube, Twitter, Facebook.

Mainly videos in Mandarin, Cantonese, or Mandarin + English.

Low quality, high volume, on:

Guo Wengui (from 2018)
Hong Kong protests (2019)
Chinese achievements (Feb 2020)
US crises (early 2020)
US-China rivalry (mid-2020)
We don’t have attribution on this op yet.

It’s persistent, well enough resourced to produce over 1,400 videos in a year, and closely tracks Chinese state messaging.

But who exactly is running it remains a question.
Read 30 tweets
Ben Nimmo Profile picture
4 Feb
Well this is big.

UK telecoms regulator @Ofcom just revoked the licence of Chinese state broadcaster CGTN to broadcast in the UK, arguing the licence is held by an entity which doesn't have editorial control, in breach of UK rules.

ofcom.org.uk/about-ofcom/la…
Important to underline this is not about content.

Ofcom found that the company which held the CGTN licence, Star China Media, didn't have editorial control.

CGTN offered to transfer to a different entity, but it's ultimately controlled by the CCP, and therefore disqualified.
On the content side, though, CGTN *was* found guilty last year of breaking the rules on due impartiality with its coverage of the Hong Kong protests.

Turns out they didn't give the protesters a fair hearing.

ofcom.org.uk/__data/assets/…
Read 5 tweets
Ben Nimmo Profile picture
29 Jan
And this, just out from @MsHannahMurphy and @SVR13: questions about the hundreds of thousands of followers that the same Huawei Western Europe execs have.

ft.com/content/0411bc…
I'll leave it to others to analyse the 800k+ accounts involved in these followings, but one anecdotal sidelight on the fake network of accounts that attacked Belgium: some of its other amplification came from glambots from a network that also boosted Huawei Europe.
Glambots = automated accounts that use profile pictures taken from glamour shoots and similar sources.
Read 7 tweets
Ben Nimmo Profile picture
29 Jan
Great report by @satariano on a fake network that @Graphika_NYC (and others) found in December.

Twitter accounts with GAN faces, boosting Huawei, boosted by Huawei execs, and attacking Belgium's 5G policies.

Not enough evidence to prove who ran them.

nytimes.com/2021/01/29/tec…
We found this network when it was boosted by Spamouflage, a pro-China operation.

Independently, @mvanhulten of @TI_EU and @ArbiterOfTweets of @Knack found it with different methods.

It's not a friendly environment for fake campaigns, folks.

graphika.com/reports/fake-c…
This was the first account we found.

"Alexandre, PhD", apparently a CEO.

But no surname, no indication of what he's a CEO of, and a GAN-generated profile pic.
Read 23 tweets
Ben Nimmo Profile picture
23 Jan
One sidelight on the Russian protests today: #Navalny is probably the single most consistent target of Russian disinfo and influence operations.

He's been a target for at least 8 years, by ops including the Internet Research Agency, Secondary Infektion, and the Kremlin.
Way back in September 2013, @Soshnikoff investigated the then newly founded Internet Research Agency, and reported that it had been trolling Navalny when he ran for Mayor of Moscow.

mr-7.ru/articles/90769/
January 2014: op Secondary Infektion set up its most prolific persona, with a pic of Navalny’s face painted blue. It started out by attacking the Russian opposition.

The username, bloger_nasralny, is a toilet pun on his name.
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @benimmo has new unrolls!

Check out other threads from @benimmo!

Read all threads by @benimmo