Writer, linguist, diver. Global Threat Intel Lead @Meta. Investigating, analysing and exposing influence ops. RT ≠ endorsement.
Sep 27, 2022 • 11 tweets • 5 min read
🚨BREAKING🚨 @Meta took down two covert influence ops:
Big one from Russia🇷🇺 targeting Europe with spoofed media websites like the Guardian and Spiegel
First one from China 🇨🇳 to focus on both sides of domestic US 🇺🇸 politics and Czech-China relations. about.fb.com/news/2022/09/r…
@Meta The operations were very different, but both worked on multiple social media platforms and petitions sites.
The Russian op was even on LiveJournal (cute).
List of domains, petitions etc in the report. #OSINT community, happy hunting!
Aug 4, 2022 • 11 tweets • 3 min read
Quarterly threat report from @Meta’s investigative teams.
Takedowns from around the world:
Cyber espionage in South Asia;
Harassment in India;
Violating networks in Greece, South Africa, India;
Influence ops from Malaysia & Israel
A deep dive into a Russian troll farm, linked to people with ties to what’s known as the Internet Research Agency.
It used fake accounts across the internet to make it look like there’s support for Russia’s war in Ukraine - and to pretend the troll farm's doing a good job.
Apr 7, 2022 • 15 tweets • 7 min read
Quarterly threat report from @Meta’s investigative teams.
Much to dig into:
State & non-state actors targeting Ukraine;
Cyber espionage from Iran and Azerbaijan;
Influence ops in Brazil and Costa Rica;
Spammy activity in the Philippines... about.fb.com/news/2022/04/m…
I’ll focus this thread on Ukraine. For more on the rest, see the great @ngleicher and @DavidAgranovich.
Feb 28, 2022 • 6 tweets • 2 min read
🚨 TAKEDOWN 🚨
This weekend, we took down a relatively small influence operation that had targeted Ukraine across multiple social media platforms and websites. It was run by people in Russia and Ukraine: about.fb.com/news/2022/02/s…
It consisted of approx 40 accounts, Groups and Pages on FB and IG, plus on Twitter, YouTube, VK, OK, Telegram.
It mainly posted links to long-form articles on its websites, without much luck making them engaging. It got very few reactions, and under 4k followers.
Feb 27, 2022 • 10 tweets • 6 min read
Personal 🧵 based on years of OSINT research into influence operations since 2014.
Looking at the Russian official messaging on “de-nazification” and “genocide”, it’s worth putting them in context of the many different Russian IO that targeted Ukraine over the years.
* Iran, targeting the UK, focusing on Scottish independence;
* Mexico, a PR firm targeting audiences across LATAM;
* Turkey, targeting Libya, and linked to the Libyan Justice and Construction Party (affiliated w/Muslim Brotherhood).
Dec 1, 2021 • 11 tweets • 4 min read
JUST OUT: Adversarial threat report on brigading, mass reporting and coordinated inauthentic behaviour.
With a deep dive into the Chinese operation that created a fake “Swiss biologist” back in July.
* Expanding Crowdtangle IO archive to more researchers
* First public takedowns of brigading & mass reporting networks
* CIB takedown from Palestine (Hamas)
* Two CIB ops focused on Poland / Belarus migrant crisis (one from Belarus KGB)
* Op Swiss Rôle
Nov 20, 2021 • 9 tweets • 3 min read
I appreciate this discussion bc it helps shine a light on the complexity of these problems. Two things to note as we all work to tackle inauthentic behavior & deception. 🧵
1. There’s a big behavioral difference between spammy amplification and complex IO;
2. Platforms traditionally approach each differently for a reason — each represents different behaviours and has different incentive structure.
Nov 1, 2021 • 8 tweets • 2 min read
🚨 JUST OUT: We took down a troll farm in Nicaragua, run by the Nicaraguan government and the FSLN party.
Our team’s research here: about.fb.com/news/2021/11/o…
Important terminology point: over the years, I’ve seen some confusion over what constitutes a “troll farm”, as opposed to clickbait/content farms.
All but one of the networks focused on domestic targets. That’s not unusual: influence operations so often start at home — remember our recent IO Threat Report?
May 6, 2021 • 10 tweets • 3 min read
JUST OUT: 9 takedowns in our April CIB report. Primarily domestic ops:
👉Palestine, linked to Fatah;
👉Azerbaijan, linked to individuals associated with defence ministry;
👉Central African Republic, linked to local NGO;
(More in next tweet...)
👉Mexico, 1 network linked to local election campaigns, 1 linked to a local politician and a PR firm;
👉Peru, 1 linked to a local party and an advertising firm, 1 linked to a marketing entity;
👉Ukraine, 1 linked to people associated with the Sluha Narodu party,
Mar 3, 2021 • 8 tweets • 3 min read
Five takedowns for CIB from the @Facebook investigative team last month.
Fake a/cs posting to multiple pages to make content look popular
In-depth personas to seed geopolitical content
Large numbers of fakes to spam hashtags and geotags
GAN-generated faces, in bulk, but sloppily done.
My team did amazing investigative work and research into influence ops from Russia, Iran, China and many other places.
We’ve broken new ground, and I couldn’t be more proud of the team @camillefrancois and I built.
Next week, I’m starting at Facebook, where I’ll be helping to lead global threat intelligence strategy against influence operations.
I’m very excited to join one of the best IO teams in the world to study, catch and get ahead of the known players and emerging threats.
Feb 4, 2021 • 30 tweets • 11 min read
JUST OUT: Update on pro-China op Spamouflage Dragon.
Still spammy, but prolific and persistent, and getting some traction for the first time.
Mainly videos in Mandarin, Cantonese, or Mandarin + English.
Low quality, high volume, on:
Guo Wengui (from 2018)
Hong Kong protests (2019)
Chinese achievements (Feb 2020)
US crises (early 2020)
US-China rivalry (mid-2020)
Feb 4, 2021 • 5 tweets • 3 min read
Well this is big.
UK telecoms regulator @Ofcom just revoked the licence of Chinese state broadcaster CGTN to broadcast in the UK, arguing the licence is held by an entity which doesn't have editorial control, in breach of UK rules.
Ofcom found that the company which held the CGTN licence, Star China Media, didn't have editorial control.
CGTN offered to transfer to a different entity, but it's ultimately controlled by the CCP, and therefore disqualified.
Jan 29, 2021 • 7 tweets • 3 min read
And this, just out from @MsHannahMurphy and @SVR13: questions about the hundreds of thousands of followers that the same Huawei Western Europe execs have.
I'll leave it to others to analyse the 800k+ accounts involved in these followings, but one anecdotal sidelight on the fake network of accounts that attacked Belgium: some of its other amplification came from glambots from a network that also boosted Huawei Europe.
One sidelight on the Russian protests today: #Navalny is probably the single most consistent target of Russian disinfo and influence operations.
He's been a target for at least 8 years, by ops including the Internet Research Agency, Secondary Infektion, and the Kremlin.
Way back in September 2013, @Soshnikoff investigated the then newly founded Internet Research Agency, and reported that it had been trolling Navalny when he ran for Mayor of Moscow.