With the election just 39 days away, major tech and media organizations are wrestling with how to avoid a repeat of 2016. From mass bans targeting the Kremlin’s social media-bot networks on sites like Facebook, to news outlets like the Washington Post preparing its reporters to stay vigilant when receiving purportedly leaked information, there appears to be an attempt this time around to not become “a de facto instrument of Russian intelligence,” as the New York Times once put it.
Facebook announced this week that it had discovered and shut down two separate disinformation networks run by Russian “military intelligence services.” The social media giant also took out a third network that had ties to the same internet troll farm that was involved in the 2016 election-tampering operations. “We removed 214 Facebook users, 35 Pages, 18 Groups and 34 Instagram accounts for violating our policy against foreign or government interference which is coordinated inauthentic behavior on behalf of a foreign or government entity,” Facebook said in a Thursday report, noting that the networks originated in Russia and utilized different languages to target local users from numerous countries as it “frequently posted about news and current events, including the Syrian civil war, Turkish domestic politics, geopolitical issues in the Asia-Pacific region, NATO, the war in Ukraine, and politics in the Baltics, Georgia, Armenia, Ukraine, Russia, Belarus, and the U.S.” To make the bots appear real, the fake accounts directed users to various disinformation websites and built “elaborate fictitious personas,” such as claiming to be journalists, members of hacktivist groups, or locals living in the respective country being targeted.
Online-disinformation researcher Ben Nimmo, who is the director of investigations at the social network analysis firm Graphika, sifted through the makeup of the individual Facebook bots in question and found several that attempted to appear more legitimate by incorporating stolen pictures into their profiles, creating copies of the same aliases on other online platforms, and adding other fake accounts in the network as “friends” to mutually make the profiles seem more robust.
While Facebook noted that “the operation had almost no following on our platforms when we removed it,” shutting it down early was pivotal given that it was “linked to actors associated with election interference in the U.S. in the past, including those involved in ‘DC leaks’ in 2016.” Alex Stamos, who served as Facebook’s chief information security officer during the 2016 election, and reportedly clashed with management over responding to disinformation, tweeted Thursday that “several groups with access to raw intel are pretty heavily hinting that recent Russian activity might be in preparation for a document dump.”
The most effective foreign tampering in 2016 occurred in hack-and-leak operations, which entails an outside entity hacking into a database to steal sensitive materials that are then released—at times, after the material has been manipulated or altered, as reportedly proved to be the case with at least one of the Hillary Clinton emails released after the 2016 Guccifer 2.0 hack—during key election dates in an attempt to influence voters and the media. It was nearly four years ago, as Trump’s offensive Access Hollywood remarks were dominating headlines, that WikiLeaks began publishing emails stolen from Clinton campaign chairman John Podesta.
The possibility of a mega-leak similarly dropping in the waning weeks of another presidential election is on the minds of journalists. “Worth media outlets (re)thinking through now what happens if a big hack-and-leak operation hits in the next few weeks,” New York Times columnist and former BuzzFeed editor in chief Ben Smith tweeted. Former Times national security reporter Scott Shane suggested journalists be ready to “discuss before rushing to publish and [if] publishing, explain everything possible about the apparent source and motives.”