US Intelligence Keys in on the Russian ‘Troll Army’ Manipulating Social Media

When Facebook posts and tweets blamed Ukrainian rebels for downing a Malaysian jet there last year, U.S. spies studied social media trend lines to gauge public opinion of the Kiev-Moscow conflict.

The number of Facebook "likes”; statistics on retweets and "favorited” tweets; and other social media analytics told one story. But intelligence officials know that, increasingly, autocracies are deploying "trolls" – robotic feeds or paid commentators – to sway social media trends.  So officials say they were cautious when compiling situation assessments.

Such messaging can become dangerous when it casts doubt on ground truth. 

Director of National Intelligence James Clapper depends on open source information in addition to classified material, to provide American decision-makers with objective information. There is a concern that social media campaigns orchestrated by overseas powers could distort open-source intelligence gathering, some US officials say. 

"As various situations unfold in other countries -- and Clapper has got to be able to advise the president and other senior leaders in the government on what are the likely outcomes, what are the range of possibilities -- having the best information possible is crucial," ODNI Science and Technology Director David Honey told Nextgov.

"There are rigorous, rigorous processes to try and always make sure that the information is correct,” he added. “That's where I would worry: If one of our tools gave an incorrect forecast, it could lead to giving bad advice to the senior leadership.”

Already, adversaries have tried to distort online perceptions, he acknowledged, providing the example of the social media swirl around the July 2014 crash of Malaysia Airlines Flight 17.

"There may be a disagreement on the part of Russia on what happened on the aircraft that was downed in that part of the world. And so people will take different data sources and try to use them to their own purposes," Honey said.

Facebook and Twitter analytics help with "sentiment analysis," or understanding how certain groups observe and feel about current events.  

The actual cause of the disaster, which killed all 298 people on board, has become a flashpoint. U.S. ally Ukraine alleges pro-Russian separatists shot down the plane over territory they controlled.

"Russia may be motivated to try and create one impression," Honey said. "Coupled to that is the issue of Ukraine, and again sentiment analysis -- what are the opinions of the people on the ground? What are the opinions of people in Russia? It's all important to us to be able to give an understanding of what does it mean."

The counter-narrative promoted by Moscow’s “troll army” of patriotic bloggers has been that a Ukrainian plane -- not Russian-backed rebels -- shot down MH17. Right now, foreign investigators are probing parts from what might be a Russian-made Buk antiaircraft missile system that were recently discovered near the crash site, according to CNN. 

Reality Checks
The process of differentiating between a real, grassroots social media storm and AstroTurf campaigns in the blogosphere is not an exact science yet, Honey said. The trickiness of discerning fact from fiction also crops up in online punditry during campaign season, for instance, he said.
"Is somebody going and blogging 100 times under different names? How do you figure that out? That's a challenge. And so with any of these technologies, you really have to think through how they can be used, how somebody could game them and make sure that you are getting accurate answers," Honey added.

This is especially true now, because it's fairly easy for computer programmers to create bots -- formulas that chatter online like real users.

To do a reality check, "there are statistical approaches to be able to try to figure out if there are correlations between posts that are just a little too close to be different people," Honey said. While Twitter and Facebook try to police fraud, "the ability to spoof the algorithms that check if it's a human" is a different matter.  The DNI earlier this month published an unclassified five-year science and technology strategy for startups to read, partly so that intelligence analysts can gain insight into tech inventions before nefarious hands do.  

"The people who are developing them at the time aren't the kind of people to abuse technology, so they don't necessarily think through how a bad actor might try to manipulate any of the technology," Honey said. "You've got to be able to think through at some point, hopefully in advance, how they might be misused or how somebody might try to trick you into thinking you've got one thing when in fact you've got something else?”

More than half a decade ago, China pioneered the practice of falsifying social media communications to influence perceptions of Beijing's ruling party.

Chinese Facebook and Twitter conversations surrounding Tibetan civil liberties were a common target.

"This has involved creating fake accounts that publish and/or retweet stories on economic development and ethnic harmony in the region and the use of bots to drown out other voices," said Adam Segal, who researches China and cybersecurity at the Council on Foreign Relations.

In 2012, several hundred bots flooded Twitter discussions using the hashtags #Tibet and #Freetibet with meaningless tweets and spam, Segal noted on the think tank's blog at the time.

"If you were someone trying to learn more about Tibet, you kept bumping up against these threads, and eventually you may have given up and moved on to some other subject," he said.

The Associated Press reported in late May that Serbs receive most of their information about Russia from coerced typists that parrot the Kremlin party line. As a result, there is a widespread belief in Serbia that Kiev officials are neo-Nazi, according to the AP. 

Last month, Forbes columnist Paul Roderick Gregory said an article he wrote the day after the MH17 incident, in which he alleged Russian separatists shot down the plane, has received more than 100 comments from Russian trolls. 

Putin’s keyboard operatives “assert the offending bloggers are CIA spies, professional photo shoppers, forgers, Russia haters, hokhols (a derogatory expression for Ukrainians) -- perhaps even insane,” Gregory wrote in July. “These trolls keep busy by poking holes in the evidence, and the more absurd, the better (false facts, Photoshopped images). Their job is to raise doubts and cause confusion."

A Captive Audience
Now other countries, including Middle Eastern regimes not too happy about the Arab Spring, are staging messaging operations to counter Western views. 

Advocacy group Freedom House noticed that last year, 24 of the 65 countries the organization monitors for online censorship were engaging in some form of pro-government social media tampering, said Sanja Kelly, director of the group's Freedom on the Net project. One recent example: Azerbaijan, which hosted this summer's European Games, took to Twitter to deflect international criticism of its human rights record. At several points in the run-up to the games, pro-government tweets from multiple accounts appeared at roughly the same time, the BBC reported.

The official organizing committee and a coordinated fleet of users tweeted positive images of Azerbaijan's capital, Baku. A large group photo of participants crouching and standing, with national flags from across Europe in the background, carried the message: #Azerbaijan athletes with @azpresident #Azerbaijan #baku2015 #realbaku2015 #europeangames #biginbaku #ilove azerbaijan"

It's hard to quantify the success rate of fabricated online campaigns but anecdotal evidence suggests the oppressors are winning the hearts and minds of the citizenry, Kelly said.

"Just looking at it more from a qualitative perspective, it seems that it is being effective -- because most people cannot tell the difference between a legitimate tweet or a legitimate comment and comments made by these trolls," she said. "If you are the average reader, there would be no reason for you to believe that this exchange” tarnishing the reputation of a dissident “is not legit.”

Based on general studies of regimes that filter Internet content, the governments "are able to propagate their message and hold their population captive, in a way, because they are not able to get alternative sources of information,” Kelly added. 

NextGov

« Snowden Has No Plans to Leave Russia
Anonymous Launches Cyber-Attacks Against ISIS »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Nozomi Networks

Nozomi Networks

Nozomi Networks is a leader in Industrial Control System (ICS) cybersecurity, with a comprehensive platform to deliver real-time cybersecurity and operational visibility.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

EU Joint Research Centre

EU Joint Research Centre

JRC is the European Commission's science and knowledge service which employs scientists to carry out research in order to provide independent scientific advice and support to EU policy.

Startup Capital Ventures

Startup Capital Ventures

Startup Capital Ventures is an early stage venture capital firm with a focus on FinTech, Cloud/SaaS, Security, Healthcare IT, and IoT.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

SafeGuard Cyber

SafeGuard Cyber

The SafeGuard Cyber SaaS platform empowers enterprises to adopt the social and digital channels they need to reach customers, while reducing digital risk and staying secure and compliant.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

Lifetech

Lifetech

Lifetech is a software development, product engineering and system integration company. Cybersecurity services include SIEM deployment and training.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

Varen Technologies

Varen Technologies

Varen Technologies is an innovative consulting partner with highly respected cyber security, analytics, Agile Software Development and IT/maintenance expertise.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

Skyhigh Security

Skyhigh Security

Skyhigh Security enables your remote workforce while addressing your cloud, web, data, and network security needs.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Nothreat

Nothreat

Nothreat has revolutionized how businesses like yours protect themselves from damaging cyber attacks. Our tech learns and adapts in real time, protecting clients from even zero-day attacks.

Claratti

Claratti

Clarrati are a team of innovators. Industry leaders in the cloud computing, remote working, and work-from-home space. We partner with you to empower your business for the future.