meta Quarterly “Adverse Hazard Report” The once-fearing global troll paints a somewhat depressing picture of the ecosystem: Many organizations are trying futilely to spam their way to “relatively low in sophistication” relevance. But just because they’re bad at their jobs doesn’t mean we can let our guard down.
The report features various forms of hackery and attempts to manipulate online conversations, but it makes for sad reading. A handful of people in Greece, Pakistan or Russia are working 9-5 in a dilapidated office and stung by automated systems before they can cause any serious harm.
The common theme among most threats is impersonation, in which malicious actors create fake accounts of real people or original accounts using things like AI-powered content creation. Using these networks of accounts, often imitating attractive young women, they contact people around the world and attempt to follow them with malware or links to fake apps and services.
Needless to say, never trust any beautiful stranger you meet online – or anywhere, for that matter. But the tools they’re bringing are often not state-of-the-art, noted META’s security author:
This threat actor is a good example of a global trend we have seen where less-sophisticated groups choose to rely on openly available malicious tools rather than invest in developing or purchasing sophisticated offensive capabilities.
There were also some groups that operated farms of a few hundred to a few thousand accounts that engaged in massive reporting and brigading of content on Instagram, Facebook, and other social media. These groups are usually ideologically driven, targeting different castes, religious groups and political opponents. Some Greek extremists took it too far (as extremists are used to doing – it’s right there in the name) and ended up in a Petard-hoist situation:
According to public reporting, the individuals involved in this activity were linked to the kidnapping of a high school principal to enforce a COVID-19 check. They brought him to the police to report him for violating the Constitution, which led to the arrest of the kidnappers.
A good reminder that online harassment often spills over into the real world. Being targeted by an angry internet mob is becoming a threat to one’s safety.
The Longest Part of Meta Report “Cyber Front Z,” Goes In Detail On A Russian Troll Farm Reported for the first time by journalists in the country, They were attempting to put together an astroturfing campaign around the Russian invasion of Ukraine, but as the report noted, “this deceptive operation was clumsy and largely ineffective.”
There were something like a thousand accounts with 50,000 or more followers, and twice as many on a Telegram channel. Originally the plan was to request genuine engagement from followers — “let’s give this activist a shout out” type of content — then build engagement using fake accounts, making it look like there was a real grassroots effort going on.
Unfortunately for them the activity was quickly detected and taken down wherever possible. They did not seem to have taken much care not to appear as rioters, sometimes posting contrasting points of view in English and Russian within minutes. As with other farms, the activity pattern indicated that people who were being paid to post on behalf of the organization were probably only doing it as a favor. (It also helps to explain the naive methodology.)
All these networks are posted at a fixed time, seven days a week, with a clear weekday pattern, with a slow start in the morning and a surge towards the end of the day – possibly when operators are trying to meet their posting quota. Ran.
While this all sounds quite non-dangerous, even a bit pathetic, remember that these operations are the background noise of the security world, just like there will always be some real-life pitfalls and scams in any city. There are. That they are easily identified and shut down is good, but sophisticated groups are working on more harmful things like large-scale breaches and more successful manipulation of public perception. On the domestic front, we can often see this happening.