Share this page!

Ben Nimmo Profile picture
Twitter logo
8 Jul, 11 tweets, 3 min read
JUST OUT: Our monthly report on Coordinated Inauthentic Behaviour takedowns - June 2021 edition.

Eight networks, seven countries.

about.fb.com/news/2021/07/j…
Full details in the report, but a couple of thoughts here.

All but one of the networks focused on domestic targets. That’s not unusual: influence operations so often start at home — remember our recent IO Threat Report?
Historically, even some operations that became (in)famous for foreign interference started domestically.

E.g. the early Russian IRA posted critical commentary about Navalny back in 2013, often on LiveJournal (h/t @soshnikoff)

mr-7.ru/articles/90769/
And one of Russian operation Secondary Infektion’s first cross-platform fake personas in January 2014 was called “bloger Nasralny” (crude pun on Navalny) and featured a profile of Navalny painted blue.

secondaryinfektion.org/report/early-e…
Also this month, a reminder that not all operations are created equal — the ones our team took down in June varied in size, following, targets and techniques.
It’s so important to be discerning. Not all ops are big, or clever, or sophisticated. Here’s a paper from last year, describing one way to judge between them.

brookings.edu/research/the-b…
The operations our team took down in June posted on a wide range of topics, e.g.:

Local elections (Mexico)
Praising the military (Jordan)
Pro- Iranian military and Syrian gov, anti-Saudi Arabia, Israel, US, and Turkey (Iran/Iraq)
(...)
(...)

Posting allegedly hacked / leaked material about the opposition (Algeria)
Criticising Egypt and Sudan for their stance on Ethiopia’s mega-dam (Ethiopia)
The people behind these ops varied too: individuals with links to political parties, campaigns, PR firms, security forces.

If you look back over the last few years of takedowns, this variety of actors (including for-hire ones) has been a steady trend.

about.fb.com/wp-content/upl…
Some of these operations were cross-platform, pushing their narratives in multiple places.

Again, that’s an ongoing trend - Secondary Infektion posted across over 300 different platforms and fora*.
(*Latin plural for grammar nerds)

Five of the eight takedowns resulted from internal investigations, two came from researchers, one benefited from public reporting.

There are so many people hunting for IO now. It’s a community. Let’s keep building it.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ben Nimmo

Ben Nimmo Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @benimmo

Ben Nimmo Profile picture
6 May
JUST OUT: 9 takedowns in our April CIB report. Primarily domestic ops:

👉Palestine, linked to Fatah;
👉Azerbaijan, linked to individuals associated with defence ministry;
👉Central African Republic, linked to local NGO;

(More in next tweet...)

about.fb.com/news/2021/05/a…
👉Mexico, 1 network linked to local election campaigns, 1 linked to a local politician and a PR firm;
👉Peru, 1 linked to a local party and an advertising firm, 1 linked to a marketing entity;
👉Ukraine, 1 linked to people associated with the Sluha Narodu party,

And...
👉Ukraine, 1 network linked to individuals and entities sanctioned by the US Treasury — Andrii Derkach, Petro Zhuravel, and Begemot-linked media + political consultants associated with Volodymyr Groysman and Oleg Kulinich.

Deep dive in the report. about.fb.com/news/2021/05/a…
Read 10 tweets
Ben Nimmo Profile picture
3 Mar
Five takedowns for CIB from the @Facebook investigative team last month.

Thai military, domestic targeting
Iran, targeting Iraq, Israel, Afghanistan, UK
Iran, domestic + regional
Morocco, domestic focus
Russia, targeting the Navalny protests

Link: about.fb.com/news/2021/03/f…
A range of behaviours here. Influence ops take many forms.

Fake a/cs posting to multiple pages to make content look popular
In-depth personas to seed geopolitical content
Large numbers of fakes to spam hashtags and geotags
GAN-generated faces, in bulk, but sloppily done.
First, the Thai Military’s Internal Security Operations Command.

About 180 assets, esp. active in 2020, posting news, current events, pro-military and pro-monarchy content, anti-separatist.

Stock profile pics, some posing as young women.

Found by internal investigation.
Read 8 tweets
Ben Nimmo Profile picture
5 Feb
Some personal news: today’s my last day at @Graphika_NYC.

My team did amazing investigative work and research into influence ops from Russia, Iran, China and many other places.

We’ve broken new ground, and I couldn’t be more proud of the team @camillefrancois and I built.
Next week, I’m starting at Facebook, where I’ll be helping to lead global threat intelligence strategy against influence operations.

I’m very excited to join one of the best IO teams in the world to study, catch and get ahead of the known players and emerging threats.
As a community - platforms, researchers and journalists - we’ve all come a long way since the dawn of this field of research.
Read 13 tweets
Ben Nimmo Profile picture
4 Feb
JUST OUT: Update on pro-China op Spamouflage Dragon.

Still spammy, but prolific and persistent, and getting some traction for the first time.

Over 1,400 videos in the last year.

Including geopolitical rivalry with the US.

@Graphika_NYC report: graphika.com/reports/spamou…
Spamou works on YouTube, Twitter, Facebook.

Mainly videos in Mandarin, Cantonese, or Mandarin + English.

Low quality, high volume, on:

Guo Wengui (from 2018)
Hong Kong protests (2019)
Chinese achievements (Feb 2020)
US crises (early 2020)
US-China rivalry (mid-2020)
We don’t have attribution on this op yet.

It’s persistent, well enough resourced to produce over 1,400 videos in a year, and closely tracks Chinese state messaging.

But who exactly is running it remains a question.
Read 30 tweets
Ben Nimmo Profile picture
4 Feb
Well this is big.

UK telecoms regulator @Ofcom just revoked the licence of Chinese state broadcaster CGTN to broadcast in the UK, arguing the licence is held by an entity which doesn't have editorial control, in breach of UK rules.

ofcom.org.uk/about-ofcom/la…
Important to underline this is not about content.

Ofcom found that the company which held the CGTN licence, Star China Media, didn't have editorial control.

CGTN offered to transfer to a different entity, but it's ultimately controlled by the CCP, and therefore disqualified.
On the content side, though, CGTN *was* found guilty last year of breaking the rules on due impartiality with its coverage of the Hong Kong protests.

Turns out they didn't give the protesters a fair hearing.

ofcom.org.uk/__data/assets/…
Read 5 tweets
Ben Nimmo Profile picture
29 Jan
And this, just out from @MsHannahMurphy and @SVR13: questions about the hundreds of thousands of followers that the same Huawei Western Europe execs have.

ft.com/content/0411bc…
I'll leave it to others to analyse the 800k+ accounts involved in these followings, but one anecdotal sidelight on the fake network of accounts that attacked Belgium: some of its other amplification came from glambots from a network that also boosted Huawei Europe.
Glambots = automated accounts that use profile pictures taken from glamour shoots and similar sources.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @benimmo has new unrolls!

Check out other threads from @benimmo!

Read all threads by @benimmo

:(