Nathaniel Gleicher
Head of security policy at Meta. Countering adversarial threats. Previously Illumio, NSC, DOJ. He/him. Dreaming of fall in the green mountain state.
Mar 2, 2022 8 tweets 2 min read
1/ 🚨 As Russia’s invasion in Ukraine continues, I want to remind everyone in Ukraine — particularly military, public figures, and journalists to up their online security 🚨 2/ As we shared on Sunday, we and other tech platforms continue to see threat actors targeting people in Ukraine, including Ghostwriter. about.fb.com/news/2022/02/s…
Mar 1, 2022 6 tweets 2 min read
1/ An update on our ongoing work around state-controlled media: 2/ FB Pages/IG accounts: Over the past several days, we began demoting content from Facebook pages and Instagram accounts from Russian state-controlled media outlets, and we are making them harder to find across our platforms.
Feb 28, 2022 10 tweets 2 min read
1/ Our teams continue to monitor and take steps to keep people safe in response to the invasion in Ukraine. I’m updating on three new steps we’re taking. 2/ First, we’ve found and removed a small CIB network that we uncovered over the last 48 hours. It had less than 5K followers on Facebook and Instagram, which was part of a broader effort across Twitter, YouTube, Telegram, VK, OK and multiple websites. about.fb.com/news/2022/02/s…
Feb 26, 2022 7 tweets 2 min read
1/ We are now prohibiting Russian state media from running ads or monetizing on our platform anywhere in the world. We also continue to apply labels to additional Russian state media. These changes have already begun rolling out and will continue into the weekend. 2/ We are closely monitoring the situation in Ukraine and will keep sharing steps we’re taking to protect people on our platform.
Feb 24, 2022 11 tweets 5 min read
1/ In response to the unfolding military conflict in Ukraine, we have established a Special Operations Center to respond in real time. It is staffed by experts (including native speakers) so we can closely monitor the situation and act as fast as possible. 2/ Last night, we also took steps to help people in region protect themselves online. We’ve launched a new feature in Ukraine that allows people to lock their profile to provide an extra layer of privacy and security.
Jan 23, 2022 5 tweets 2 min read
This is such an important (and depressing) point. Just because these issues don’t *physiologically* impact men, doesn’t mean we shouldn’t care. They affect people we love, and they affect society. They can help make what should be a healthy, supported process into a scary one. The last thing we should be giving to people bearing children is *more* uncertainty and more things to be frightened of. So thank you @wiczipedia for highlighting this.
Jan 22, 2022 11 tweets 3 min read
1/ This is a good example of an oft-used and oft-overlooked technique we see in a number of IO campaigns: seeding content in a lesser-known medium to facilitate spread elsewhere. A short Saturday 🧵. 2/ The initial target media here is newspapers, and classified ads at that. It’s easy to imagine this would be ineffective — how many people read classified ads today? If you only look at the seeding in isolation, you’d miss the broader operation.
Jan 20, 2022 8 tweets 3 min read
1/ Today we released our latest threat report detailing our enforcement against CIB in December 2021 and looking back at the trends we saw throughout last year. about.fb.com/news/2022/01/d… 2/ We removed 52 networks from 34 countries in 2021. 64% of those cases were domestic — targeting the same country from which they were run. This is the largest majority of domestic ops our teams have disrupted since we began this work in 2017.
Nov 17, 2021 19 tweets 5 min read
1/ Last week @olgs7 [caused trouble]/[started a convo] about #disinformation, mis/dis info & the new hot term misdismalinformation. I noted that all of them (even oldskool disinfo) concern me, & I wanted to circle back here to try to explain. A (long) 🧵 2/ Let's focus on disinfo, b/c "misdis" and "misdismal" are really just attempts to mitigate the core challenge with our disinfo definition that only make things (much) worse. "Disinfo" generally means deceptive content shared with the intent to deceive.
Aug 19, 2021 14 tweets 5 min read
1/ Like so many others, many of us at Facebook have been watching the tragic events unfolding in Afghanistan. My thoughts go out to everyone on the ground and everyone trying to help as these events unfold. 2/ Over the past week, our teams have been working around the clock to do everything we can to help keep people safe. While we have to be careful to avoid tipping off bad actors, here are a few security measures we’ve rolled out for people in country to protect their accounts.
Aug 18, 2021 5 tweets 3 min read
Thoughtful op-ed from @washingtonpost on how to tackle the rise of disinfo-for-hire. washingtonpost.com/opinions/2021/… They're citing to our CIB takedown report from earlier this month, when we took down an interesting but largely ineffective operation run by a Russia-based marketing company:
Jul 16, 2021 4 tweets 2 min read
For today's purported Russia leak, I'd argue the primary question isn't whether it's authentic, b/c the substance of it doesn't actually add much to the conversation (which itself is a sign of the intent behind it). The primary question should be who dropped it and why. Remember that whether this is authentic or not, it's almost certainly *someone's* influence operation. The more we engage with it as an effort to manipulate public debate and focus on how to respond, who is behind it, and where they're headed next, the better off we'll be!
Jul 15, 2021 12 tweets 4 min read
1/ Today we removed a cyber-espionage op that originated from Iran and targeted military personnel and individuals in the defense and aerospace industries primarily in the US, and some in the UK and Europe. about.fb.com/news/2021/07/t… 2/ This was a cross-platform op, targeting social media, email/collab service providers, and using malicious websites and domains to compromise their targets.
Jul 15, 2021 6 tweets 2 min read
One thing we should all have learned from the last four years is that whenever juicy info drops amidst a moment of tension, the first question we should ask is "who dropped this?" the second is "why?" and the third is "is it real?" (in that order). theguardian.com/world/2021/jul… I wish this report answered these questions (or even raised them), but it doesn't. It takes the doc at face value and focuses on the exciting details. Please be cautious when retweeting or commenting: well-timed "leaks" are one of the most effective forms of influence ops.
Jul 13, 2021 9 tweets 3 min read
1/ This is excellent and much-needed analysis. A 🧵 2/ At FB we look at factors like the length of an op and how many followers it has, but these have their limits -- especially as tactics evolve. An op can be long-lived but unsuccessful, and can reach only a few significant people and still generate significant reaction.
May 31, 2021 6 tweets 2 min read
Thoughtful piece from @SusanBenesch on how to look beyond the content of individual posts to assess both impact and appropriate remedy -- a useful way to apply behavioral analysis of threat actors to more diffuse networks. Defenders are grappling with how to adapt protocols designed for clearly delineated “bad guys” (ISIS, “The Russians”) who hide their identity online to tackle diffuse, blurred threats where witting deceivers mobilize large, authentic communities w/out hiding their identity.
Mar 3, 2021 9 tweets 4 min read
1/ This is excellent analysis from @2020Partnership on misinfo during the 2020 election. Having a team of independent researchers focused on election protection and online deception is a *huge* boon for the defender community. atlanticcouncil.org/in-depth-resea… 2/ We saw many of the trends that EIP called out in this report, including cross-platform spread -- narratives often originate with a few accounts, spread across multiple platforms as they gain popularity, and are even further amplified through traditional media coverage.
Mar 3, 2021 8 tweets 2 min read
1/ Today we’re announcing 5 networks removed for Coordinated Inauthentic Behavior in February: 2 networks from Iran targeting multiple countries, and domestic networks in Thailand, Morocco, and Russia about.fb.com/news/2021/03/f… 2/ The two Iranian networks focused on the Middle East, as well as the UK and Afghanistan. They engaged on a range of topics, using tactics we’ve seen from other operations, and had limited reach — one operation had less than 15K followers for their assets, the other under 500.
Feb 2, 2021 4 tweets 2 min read
Very proud of @brittanheller for this fascinating new piece on "biometric psychography" and how our legal and policy frameworks need new concepts to address all the types of data gathering that could happen in VR and AR.
scholarship.law.vanderbilt.edu/jetlaw/vol23/i… What is biometric psychography, you ask? "the gathering and use of biological data, paired with the stimuli that caused a biological reaction, to determine users’ preferences, likes, and dislikes."
Nov 22, 2020 7 tweets 3 min read
An excellent read from @lawfareblog. @C_C_Krebs did a number of important things, but this one was both subtle & critical: “Yet Krebs, along with a handful of others ... retained their reputations for telling the truth on foreign threats to the integrity of American elections.” In this age of perception hacks and IO, perception of security *is* security. And no one will believe a system is secure without a trusted source of truth. Empowering voices to serve that role will be very hard in today’s low-trust reality, but that's even more important.
Oct 22, 2020 7 tweets 3 min read
1/ Today we published our first Inauthentic Behavior (IB) report. This report details how we tackle various forms of IB and offers some examples of recent enforcements to illustrate notable trends and tactics we’ve seen about.fb.com/news/2020/10/i… 2/ For 3+ yrs we’ve publicly reported our removals of CIB networks. These are like the APTs of #IO. But deceptive tactics are not limited to CIB — spammers and scammers often rely on similar behaviors. We tackle both threats, but we tackle them differently.