The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: The Facebook ad dump shows the true sophistication of Russia’s influence operation

Analysis by
Assistant visual enterprise editor, reporter
May 11, 2018 at 8:18 a.m. EDT

with Bastien Inzaurralde

THE KEY

The massive trove of Facebook ads House Intelligence Committee Democrats released Tuesday provides a stunning look into the true sophistication of the Russian government’s digital operations during the presidential election.

We’ve already heard a lot from the U.S. intelligence community about the hacking operation Russian intelligence services carried out against Democratic party computer networks to influence the election in favor of then-candidate Donald Trump. 

But this is the first time we have a swath of empirical and visual evidence of Russia’s disinformation campaign, in the form of more than 3,000 incredibly specific and inflammatory ads purchased by an Internet troll farm sponsored by the Kremlin.

The ads clearly show how Russia weaponized social media, the senior Democrat on the panel investigating Moscow’s interference in the presidential election said.

Russians “sought to harness Americans’ very real frustrations and anger over sensitive political matters in order to influence American thinking, voting and behavior,” Rep. Adam Schiff (D-Calif.) said in a statement. That’s why Schiff and other lawmakers pushed to release the ads publicly: “The only way we can begin to inoculate ourselves against a future attack is to see first-hand the types of messages, themes and imagery the Russians used to divide us.”

The 3,500 ads purchased by the Kremlin-backed Internet Research Agency, or IRA, were funneled with laser precision to narrow categories of social media users. 

My colleague Tony Romm reports that the troll farm used Facebook's targeting tools to deliver the Russian-fed propaganda to a range of specific user groups, from black or gay users to fans of Fox News. He writes: “In many cases, the Kremlin-tied ads took multiple sides of the same issue. Accounts like United Muslims of America urged viewers in New York in March 2016 to ‘stop Islamophobia and the fear of Muslims.’ That same account, days later, crafted an open letter in another ad that accused [Hillary] Clinton of failing to support Muslims before the election."

The Russian agents didn’t stop there, Tony notes: “They relied on Facebook features to target specific categories of users. An IRA-backed account on Instagram aimed a January 2016 ad about ‘white supremacy’ specifically to those whose interests included HuffPost’s ‘black voices’ section.”

The IRA sought to capitalize on the controversy over NFL players kneeling during the national anthem—and even, as Tony found, get people to protest for and against Beyoncé. NBC reports that the ads even shopped anti-immigrant messages to fans of specific Fox News personalities such as Sean Hannity and Bill O’Reilly. This effort to lure social media to engage with Russian-fed propaganda like this clearly required a sound knowledge of Americans and their politics that is especially staggering when you see the ads in full.

Get ready for more of this.

This type of “hybrid” cyberoperation is the new standard for state-sponsored election interference campaigns, said Peter W. Singer, a strategist at the New America think tank.

“The future of these campaigns is hybridization — in terms of state and criminal actors working together,” Singer told me. Going forward, he said, we’ll see more “attacks targeting both the networks and the beliefs and conversations of people behind the networks." 

As Singer notes: “When it comes to cyberoperations and information warfare or influence campaigns, the way we conceive of them is we keep them separate.” But, as the ads make very clear, Russia “didn’t separate them,” he said. 

After the Democrats released the ads, Clint Watts, a former FBI agent who has studied Russian online influence campaigns, broke down how some of the IRA’s targeting worked:

The ads on Facebook and Instagram reached at least 146 million people between mid-2015 and mid-2017. 

Facebook acknowledged Thursday it had not anticipated the two-pronged approach.

“In the run-up to the 2016 elections, we were focused on the kinds of cybersecurity attacks typically used by nation states, for example phishing and malware attacks. And we were too slow to spot this type of information operations interference,” the company said in a statement.

The company said it has made “important changes to prevent bad actors from using misinformation to undermine the democratic process” but conceded there’s no silver bullet. “This will never be a solved problem because we’re up against determined, creative and well-funded adversaries,” Facebook said. (And it wasn't just Facebook: Reddit's CEO Steve Huffman said earlier this year the company removed 944 suspicious accounts that were of suspicious IRA origin, which it posted here.)

Russian-backed Facebook ads sought to influence the American democratic process from abroad. (Video: Joyce Koh, Deirdra O'Regan/The Washington Post)

The ad trove adds color to details about the IRA that we already know from special counsel Robert Mueller’s investigation into election interference.

Mueller’s February indictment of the now-infamous group of Internet trolls was chock-full of colorful details about the St. Petersburg-based group and read like something out of a spy novel. As my colleagues Devlin Barrett, Sari Horwitz and Rosalind S. Helderman reported at the time:

“The indictment charges that the Russian efforts began in 2014, when three of the Russian conspirators visited 10 states, gathering intelligence about U.S. politics. Officials say that as the operation progressed, the suspects also engaged in extensive online conversations with Americans who became unwitting tools of the Russian efforts.”

The indictment described “an 80-person team with specialists in graphics, data analysis and search-engine optimization that set out to con Americans online,” my colleagues wrote. “At times, they paid people to engage in political theater, such as paying for the construction of ‘a cage large enough to hold an actress depicting Clinton in a prison uniform,’ according to the charges.”

Mueller’s charges against 13 individuals and three companies included conspiracy to defraud the United States, and conspiracy to commit wire fraud and bank fraud.

PINGED, PATCHED, PWNED

PINGED: Researchers from University of California at Berkeley published a paper showing "they could embed commands directly into recordings of music or spoken text" for virtual assistants like Apple's Siri or Amazon's Alexa that a human can't detect, the New York Times's Craig S. Smith reports. "So while a human listener hears someone talking or an orchestra playing, Amazon’s Echo speaker might hear an instruction to add something to your shopping list."

"These deceptions illustrate how artificial intelligence — even as it is making great strides — can still be tricked and manipulated," Smith writes. One of the researchers said it may only be a matter of time before someone starts exploiting this technique. “My assumption is that the malicious people already employ people to do what I do,” Nicholas Carlini told Smith. 

PATCHED: The encryption fight is still simmering. A bipartisan group of House lawmakers yesterday introduced a bill that would prevent law enforcement agencies from forcing companies to install encryption back doors in their products. The group that introduced the bill — called the Secure Data Act of 2018 — includes Reps. Zoe Lofgren (D-Calif.), Thomas Massie (R-Ky.), Jerrold Nadler (D-N.Y.), Ted Poe (R-Tex.), Ted Lieu (D-Calif.) and Matt Gaetz (R-Fla.). 

“When the government forces companies to insert security back doors in their products, they make Americans less safe,” Massie said in a statement. “Back doors in otherwise secure products make Americans’ data less safe, and they compromise the desirability of American goods overseas.” 

Lofgren said she found it “troubling that law enforcement agencies appear to be more interested in compelling U.S. companies to weaken their product security than using already available technological solutions to gain access to encrypted devices and services.”

From Bloomberg Law's Daniel Stoller:

PWNED: A cybersecurity firm focusing on protecting industrial control systems said a group of hackers called Allanite is gathering intelligence inside electric utilities in the United States and Britain. Dragos said it has “moderate confidence” that the group is doing so in part to "have ready access from which to disrupt electric utilities."

“ALLANITE uses email phishing campaigns and compromised websites called watering holes to steal credentials and gain access to target networks, including collecting and distributing screenshots of industrial control systems,” Dragos said in its assessment. “ALLANITE operations limit themselves to information gathering and have not demonstrated any disruptive or damaging capabilities.”

“While the U.S. government and private sector companies have linked Allanite activity to Russia, Dragos says it 'does not corroborate the attribution of others,' " SecurityWeek's Eduard Kovacs writes

And for a deep dive into Dragos's work, you can read this recent story from The Washington Post's Ellen Nakashima and Aaron Gregg.

— More cybersecurity news:

Trump unloads on Homeland Security secretary in lengthy immigration tirade (Josh Dawsey and Nick Miroff)

Man Charged With Hacking Into and Defacing Military and Government Websites (New York Times)

If You Want Facebook to Stop Targeting You For Ads, Follow These Instructions (Nextgov)

PUBLIC KEY

— Today is the first anniversary of President Trump's executive order on cybersecurity, and the administration is expected to mark the occasion with the release of a report on confronting botnet attacks, Inside Cybersecurity's Charlie Mitchell wrote.

A source told Mitchell that “the botnet report is on track for release on Friday and will build on comments submitted on the draft.” The draft report was released in January.

—Del. Eleanor Holmes Norton (D-D.C.) and Rep. C.A. Dutch Ruppersberger (D-Md.) introduced a bill to offer free lifetime identity protection to federal employees whose personal information was compromised in the 2015 breaches of Office of Personnel Management. 

Under current law, the OPM is only required to provide the coverage through fiscal year 2026, according to a statement from Norton's office. 

— The Federal Communications Commission announced yesterday that Obama-era net neutrality rules, which the panel voted to repeal in December, will effectively end June 11, Reuters's David Shepardson writes.

“The effect of this will be better, faster, cheaper Internet access and the free and open Internet that we have had for many, many years,” FCC Chairman Ajit Pai said. 

The Senate could vote next week on whether to cancel the FCC's repeal of net neutrality rules, now that Democrats such as Edward J. Markey (D-Mass.) are moving to force a vote. Markey, one of the senators campaigning to undo the FCC's December decision, urged the Senate to pass his “resolution to save the Internet as we know it.” 

—  Score one for privacy advocates: “A federal judge denied the Trump administration’s request to throw out a lawsuit challenging the right of border agents to seize and search the mobile phones and laptops of U.S. citizens without warrants or a showing of probable cause,” Bloomberg News's Erik Larson reports.

“Plaintiffs have plausibly alleged that the government’s digital device search policies substantially burden travelers’ First Amendment rights,” U.S. District Judge Denise Casper wrote Wednesday, as quoted by Larson.

The American Civil Liberties Union, the Electronic Frontier Foundation and the ACLU of Massachusetts sued the Department of Homeland Security in September on behalf of 10 U.S. citizens and one lawful permanent resident. 

PRIVATE KEY

— The official who protected both President Obama and Trump from getting hacked is headed to the office-sharing company WeWork, Recode's Shirin Ghaffary reports.

“Cory Louie, who served for two years as chief information security officer for the White House’s Executive Office, will be overseeing both digital and physical security for WeWork’s nearly 250,000 members,” Ghaffary writes. “Louie, who was appointed to head up White House information security by President Obama in 2015, resigned last March, shortly after Trump took office.”

— More news about cybersecurity in the private sector: 

Deluge of Attacks Prompts Telecom Firm to Overhaul Cyber Investigations Team (The Wall Street Journal)

CHAT ROOM

Sens. Heinrich and Hoeven on how to confront cyber threats:

Sen. Martin Heinrich (D-N.M.) and Sen. John Hoeven (R-N.D.), discuss what Congress is doing to prevent state actors from hacking into the country’s power grid. (Video: Washington Post Live)

— Sen. Martin Heinrich (D-N.M.) told The Post's Dino Grandoni yesterday that the United States needs to “create a cyber doctrine, create a stance that we project to the world and say where some of our red lines are.”

“You know, for years we’ve had a nuclear doctrine where Russia and the United States both understood where the other stood and where the red lines were, and what the sort of state of play was and where are the places you just can’t go,” Heinrich said at an Energy 202 event. “We don’t have that in cyber right now, and it’s really important if you’re going to have deterrents, to project some of those things.”

Sen. John Hoeven (R-N.D.) said the government should coordinate its cyberdefense policy across several federal agencies as well as with the private sector. He said the Department of Homeland Security should continue to have that responsibility. "Make sure that this issue is front and center,” Hoeven added.

ZERO DAYBOOK

Today

  • The Trump administration is expected to release a report on botnet attacks.

Coming soon

  • Cloud Security Alliance Federal Summit on May 15.
  • Adobe Digital Government Symposium on May 15.
  • Senate Judiciary Committee hearing on Cambridge Analytica and data privacy on May 16.
  • USTelecom Cybersecurity Policy Forum on May 16.
EASTER EGGS

The Post's Carol Morello traveled with Secretary of State Mike Pompeo to North Korea. Here's what she saw:

The Washington Post's Carol Morello was one of two journalists to travel with Secretary of State Mike Pompeo to North Korea to rescue three Americans. (Video: Nicki DeMarco, Jason Aldag/The Washington Post, Photo: Carol Morello/The Washington Post)

Here’s what the long-awaited Pentagon report on the 2017 Niger attack said:

On May 10, the Pentagon released details of its investigation into the October 2017 ambush of U.S. soldiers in Niger. The Post’s Missy Ryan explains the report. (Video: Joyce Lee, Missy Ryan/The Washington Post)

And Trump announced his slogan for his 2020 reelection campaign:

President Trump announced the slogan for his 2020 presidential campaign at a rally in Elkhart, Ind. on May 10. (Video: The Washington Post)