John Scott-Railton
Jul 9 · 10 tweets · 6 min read
NEW: @TheJusticeDept just disrupted a Russian-run AI-enabled Twitter disinformation bot farm.

Almost 1000 accounts on @X.

Masqueraded as Americans & promoted Russian government narratives.

Fascinating sleuthing behind this 1/
justice.gov/opa/pr/justice…



2/ The investigation behind this Russian political interference takedown is interesting.

First, the @FBI got account registration info for a slice of fake accounts on @X

They found a lot of email accounts registered on the same server.

So they went to the registrar...
3/ While the domain registrar (Namecheap) had a bunch of account registration information for the @FBI, the info was a fake name and some alias information.

Strike out? No. The FBI began a subpoena cascade, starting with the Google account used to register the domain.
4/ @FBI had a tasty find from first gmail subpoena: Moscow IP address.

That was just the beginning: subpoena cascade led through 2 more emails to a phone number.

Which they say they found in widely-leaked Russian tax & mobile subscriber information.

And got the operator.
5/ Simultaneously, a jointly issued* technical advisory provided detail on identifying Russian AI-generated personas.

Likely reflects their conclusion that the Russians won't stop.

*🇺🇸@FBI @CNMF_CyberAlert 🇨🇦@cybercentre_ca 🇳🇱@AIVD @Defensie @Politie
ic3.gov/Media/News/202…



6/ The Russian Bot takedown, some notes:

☑️ Foreign efforts to shape Americans' perceptions via bots continue on @X despite Musk claims.

☑️AI is now a key disinformation op. tool.

☑️ Total # of accounts is small vs. @X universe, BUT doesn't rule out outside impact when well targeted.
7/ Cont'd:

☑️Takedowns & accompanying advisory suggest that US & allies are trying various techniques like these disruptions and seizures... because the operators are currently beyond their direct reach.

Expect the operators to learn, evolve & come right back targeting the US.
8/ Russia is one of many countries now swamping @X with AI-driven bots to shape perceptions.

Even smaller countries' operations flourish & aren't taken down after being identified.

Want proof? Check the accounts in this campaign for yourself.👇

9/ Oh, and in case you missed it, Russia Today @RT_com involvement is alleged all over this bot farm, from origins to cover stories.

Source: justice.gov/d9/2024-07/aff…


10. The "another US government agency" is an interesting element to the affidavit. So is framing of credibility & reliability.

Speculating wildly that it isn't @USFWS

Further speculating: this suggests a high level effort to break silos & get key information out quickly.

More from @jsrailton

Jul 10
IMPORTANT: has @Apple sent you a mercenary spyware threat notification?

Latest round just went out.

Take them seriously. Get expert help.

If you are a journalist, activist, dissident etc. I suggest you ✅ contact @accessnow's helpline. 1/
accessnow.org/help/
2/ In my experience, @Apple's mercenary spyware threat notifications do several things:

✅ Help users take action to secure themselves
✅ Impose cost on spyware companies & customers
✅ Keep us researchers busy investigating cases

They can also have a ✅ deterrent effect.
3/ I never tire of saying that @apple threat notifications have helped to change the information balance between spyware victims & those that target them.

They have also kicked off waves of scandals & discoveries of spyware abuses. Like in #Poland👇

Jul 6
Another jailed dissident goes into hospital.

One by one, Putin's goal is to eliminate them all.

Now is the time for international attention to the condition of Vladimir Kara-Murza.
2/ Kara-Murza is an incredibly brave voice and thorn in Putin's side.

He was twice-poisoned and was then imprisoned after a show trial.

And he's not the only person in grave danger...
nybooks.com/online/2017/02…
3/ Another Russian truth teller in danger?

Ilya Yashin, jailed after speaking out on Putin's invasion of #Ukraine.

He is among at least 766 political prisoners in Russia according to human rights organization @pzk_memo_eng, which maintains a list: memopzk.org
Jul 1
2.6 million people have been shown this deepfake.

It cites an AI-written disinformation site.

Don't believe me? Well, operators of this fake French news site often forgot to delete the prompts.

Perhaps they don't speak French?

Site is filled with generated content prompted as conservative attacks against @EmmanuelMacron and other disinformation.

Site became active ~ a week before yesterday's #French elections & is now pumping out tons of false content.

Very instructive..

h/t @KyleJGlen (recommended follow!) for flagging!
(2nd screenshot = machine translated)
2/ Lesson: the raw falsehoods laundered up through coordinated disinformation that gets to a viral false thread can be incredibly sloppy.
3/ Glad to see the community note. But by now the obviously fake content has reached a modest degree of virality.


Jun 22
NEW: sprawling #ChatGPT-powered pro-#Rwanda propaganda operation on @X.

More than half a million posts this year.

Used #AI / #LLM- drafted posts to propagandize, attack truth tellers & bury negative stories under inauthentic content. 1/

By @ClemsonHub
tigerprints.clemson.edu/cgi/viewconten…



2/@X is awash with #AI/#LLM- enabled propaganda & bot activity.

Including government efforts to manipulate perceptions & attack state 'enemies.'

As long as Twitter/X continues to fail at addressing this automated manipulation, the scale will only grow.
3/ The devastating report by @ClemsonHub about #ChatGPT-powered #Rwandan propaganda needs to be read in context:

Whether #Pegasus spyware, or #AI-enhanced propaganda armies harassing journalists, the government of #Rwanda keeps acquiring cutting-edge technology to increase the global range of their authoritarianism.

Many other governments will follow their lead, and learn from the example.

I would be astonished if the pro-government propaganda operation outlined in the report doesn't show up in the replies to this thread with harassment and disinformation.
Jun 21
WHOA @USTreasury just sanctioned leadership at 🇷🇺Russian antivirus company @kaspersky.

Comes on heels of yesterday's @CommerceGov ban on sales of their antivirus to the US.

Huge-but-somewhat-anticipated blow to #Kaspersky whose fortunes in the US have been falling since the 2017 @DHSgov binding directive to remove their products from gov systems.

Will be fascinating to see if other governments echo some of these actions.

home.treasury.gov/news/press-rel…
2/ The case of @Kaspersky is a good teachable moment to talk about some painful truths about antivirus software.

1- Massive marketing has instilled the instinctive and INCORRECT belief in regular users that antivirus products are the most important security step.

This is massively out of step with expert security recommendations. Source: a consistent finding in surveys of expert vs regular user security perceptions.

People continue to get soaked by AV companies selling products that don't provide nearly as much protection as they think.

Source: usenix.org/system/files/s…
3/ It's not just that Antivirus products don't provide users the kind of security they think they do...

Antivirus products themselves must have, by design, a ridiculously invasive view into what you are doing on your computer.

How else could they check every file for badness, right?

And for the company to keep detecting new things, lots of information about your files is going to be headed up into their systems when you run scans.

And the access to files doesn't end there.

You can learn a lot and, potentially, do a lot with the kind of access users have to grant an antivirus for it to work.

This is an under-appreciated privacy and security concern for anyone with an antivirus installed.

It is a big reason why the US, and every other government, is worried by the possibility that an antivirus vendor might be untrustworthy.
May 28
Great. Just someone claiming to offer some #Pegasus spyware source code for sale.

True or scam, this reminds me of 2018, when an NSO employee stole code & did exactly that.

As I testified to Congress: the mercenary spyware industry continues to recklessly proliferate very sophisticated capabilities once limited to a handful of governments.

Given how many times the industry has gotten caught, I have a hard time believing that these companies can maintain enough control over all facets of their capabilities...

.... to prevent parts of their tech from inevitably leaking to criminals & other non-state actors, turbocharging cybercrime & disruptive ransomware attacks.
2/ Now for some grim good news in this case: even if the person is in fact offering some portion of Pegasus spyware source code, and not trying to scam people, they are not even claiming to have the working exploits used to infect phones.

Important distinction, since even if the spiciest & most-helpful-to-criminals aspects of NSO Group's codebase were leaked & incorporated into cyber criminal toolkits... criminals would still need to source the (expensive & complex) exploits required to actually infect phones. And then make them work reliably, etc etc.
3/ Here's the 2018 story of an employee stealing code.

By @josephfcox ft @RonDeibert & me.
vice.com/en/article/9km…



