Our security teams continue to focus on finding and removing deceptive campaigns around the world, whether foreign or domestic.
Over the past five years, we’ve shared our findings on Coordinated Inauthentic Behavior (CIB) and other threats we detect and remove from our platforms. Today, as part of our regular adversarial threat reporting, we’re posting information about three networks that we took down in the last quarter to make it easier for people to see the progress we’re making in one place. We have shared information about our findings with industry partners, researchers and policy makers.
Here are the key insights from today’s adversarial threat report:
1. United States: We’ve removed 39 Facebook accounts, 16 Pages, two Groups, and 26 Instagram accounts for violating our policy against coordinated inauthentic behavior. This network originated in the United States and focused on a number of countries, including Afghanistan, Algeria, Iran, Iraq, Kazakhstan, Kyrgyzstan, Russia, Somalia, Syria, Tajikistan, Uzbekistan and Yemen. The operation took place on many Internet services, including Twitter, YouTube, Telegram, VKontakte and Odnoklassniki. It included several groups of fake accounts on our platforms, some of which were detected and disabled by our automated systems prior to our investigation. The majority of posts in this operation had little or no engagement from genuine communities.
We discovered this activity as part of our internal investigation into alleged coordinated inauthentic behavior in the region. We have shared information about this network with independent researchers from Graphika and the Stanford Internet Observatory, who published their findings on this network’s activity on the Internet on August 24, 2022. Although the people behind this operation attempted to conceal their identity and coordination, our investigation found links to individuals associated with the US military.
2. China (originally reported September 27, 2022): We removed 81 Facebook accounts, eight Pages, one group and two Instagram accounts for violating our policy against CIB. This network was born in China and targeted the United States, the Czech Republic and, to a lesser extent, Chinese and French-speaking audiences around the world. It was running on many internet services, including Facebook, Instagram, Twitter and two Czech petition platforms.
Each group of accounts posted content during working hours in China rather than when their target audiences would typically be awake. Only a few people have committed to it and some of those who have called it fake. Our automated systems have removed a number of accounts and pages for various Community Standards violations, including impersonation and inauthenticity. We discovered this activity as part of our internal investigation into alleged coordinated inauthentic behavior in the region.
3. Russia (originally reported September 27, 2022): We removed 1,633 accounts, 703 pages, one group and 29 accounts on Instagram for violating our policy against CIB. This network was born in Russia and mainly targeted Germany, but also France, Italy, Ukraine and the United Kingdom. The operation focused on a large network of websites carefully impersonating legitimate news outlets in Europe. There they would publish original articles that criticized Ukraine, praised Russia, and argued that Western sanctions against Russia would backfire. They would then promote these articles, memes and YouTube videos on Facebook, Instagram, Telegram, Twitter, petition sites Change[.]org and Avaaz, and LiveJournal.
We began our investigation after reviewing public reporting on some of this activity by investigative journalists in Germany. Researchers from the Digital Forensic Research Lab have also provided information on part of this network, and we have shared our findings with them to enable further research into the larger operation. Throughout our investigation and after our initial report, as we blocked domains from this operation, they created hundreds of new websites, suggesting persistence and continued investment in this activity. We have continued to update our initial takedown report with these domains to help inform open source security research.
We know that influence operations will continue to evolve in response to our application, and new misleading behaviors will emerge. We will continue to refine our application and share our findings publicly. We are making progress in eliminating these abuses, but as we have said before, it is an ongoing effort and we are committed to continuous improvement to stay ahead.
See the full adversarial threat report for more information.
#Meta #Adversarial #Threat #Report #Meta