Welcome to The Cybersecurity 202! After this morning, we'll be away for a bit to close the month. See you next on Sept. 6.
A spokesperson for Meta, Facebook’s parent company, said it was the first time it “has removed a foreign-focused influence network promoting the United States’ position,” as my colleague Naomi Nix reported (with an assist from Ellen Nakashima).
The report doesn’t claim the U.S. government sponsored the campaign, despite drawing potential links. Nor do Facebook or Twitter. Nonetheless, the findings raise fascinating questions about the limits on the U.S. government’s ability to conduct cyber-related activities overseas, and the willingness of U.S. organizations to call it out.
Examining the report
The network of fake accounts touted messages that supported the United States while opposing those of others, like China, Russia and Iran, according to the report. (Major social media companies are usually taking down fake news campaigns from, well … China, Russia and Iran.)
Wednesday’s study said the batch of pro-U.S. accounts even did things that everyone does on social media, like post cat pictures, in a bid to appear like authentic users.
The report made an impression on the internet. Here’s Rolling Stone reporter Adam Rawnsley:
This is a BFD. We're used to seeing covert pro-Iran/Russia/China/Saudi/UAE/Nicaragua/Philippines/etc social media influence campaigns get ID'ed and booted by the big platforms like Facebook/Twitter. First time we're seeing a pro-US campaign ID'ed & booted https://t.co/7Kwx7k7Rfh — Adam Rawnsley (@arawnsley) August 24, 2022
But it’s important not to overstate the reach of the removed network of fake accounts. Here’s journalist Kim Zetter:
Covert influence ops pushing pro-US, pro-West messaging are apparently not as successful as Russia/China ops. “The covert accounts had low engagement…The vast majority of posts and tweets reviewed received no more than a handful of likes or retweets. Avg was <1.” https://t.co/oIW1z9ntgf — Kim Zetter (@KimZetter) August 24, 2022
There’s a fuzzy line connecting the campaign to a prior, more overt U.S. campaign by U.S. Central Command, which is part of the Defense Department. The Stanford Internet Observatory’s Renee DiResta explained:
There is also a distinct Twitter data subset linked to a prior overt ~2008-14 CENTCOM operation, a network of sites known as the Trans Regional Web Initiative. Report notes our assessment that the covert network & TRWI network appear to be separate efforts; we focused on covert. — Renee DiResta (@noUpside) August 24, 2022
What the U.S. can do
To emphasize, no one has said the U.S. government was behind the network. But it’s a reminder of past incidents raising the issue of whether feds can hype the U.S. message using fake accounts.
For instance, the issue drew attention all the way back in 2011:
- “The US military is developing software that will let it secretly manipulate social media sites by using fake online personas to influence internet conversations and spread pro-American propaganda,” the Guardian reported at the time about a Central Command contract.
The Defense Department recently spelled out guidelines for using official social media accounts.
As for the story Wednesday about the fake accounts:
- “Brig. Gen. Patrick S. Ryder, Pentagon press secretary, said in a statement the Defense Department would ‘look into and assess any information that Facebook provides.’”
The researcher side of things
Another interesting component of the report is who published it: a U.S. company and a U.S. university.
Usually, reports on U.S.-based internet or cyberspace activities come from overseas. Most recently, a Chinese cybersecurity firm alleged in February that a decade-old exploit was the work of a hacking group associated with the U.S. National Security Agency.
Russia-headquartered cybersecurity firm Kaspersky reportedly exposed a U.S.-led counterterrorism cyberespionage operation in 2018, although the company didn’t attribute the operation to the United States. It only said an “advanced persistent threat” group was behind it — a term often used in the cybersecurity field to describe hackers associated with a nation-state. Kaspersky also outed the Equation Group, suspected of NSA ties.
Some U.S. cybersecurity companies have expressed reservations about the idea of burning U.S. cyber operations. Many of them collaborate with the U.S. government in examining threats.
A 2020 study pointed to further instances of intermingling where government agencies share information on hackers with cyber companies:
- “In these cases, the government shares classified information with particular tech companies with the intent that the companies use the information to make attributions that the government wants them to make, but does not want to make itself (at least at that time). The companies effectively ‘launder’ the information for the government, presumably because the public sees the companies as more neutral and objective than the Executive.”
The U.S. angle doesn’t seem to have presented any issues with Wednesday’s report, or prevented a response.
“There was absolutely no hesitation in publishing the report,” John Perrino, a policy analyst for the Stanford Internet Observatory, told me. “The Stanford Internet Observatory has not reached out to U.S. government officials about the Unheard Voice report to inquire about responsibility.”
Said Twitter spokesperson Elizabeth Busby: “We continue to disclose information operations identified on Twitter, given their severe impact on public discourse around the world — regardless of their presumptive country of origin.”
Twitter whistleblower will testify before Senate committee next month
Former Twitter security chief Peiter “Mudge” Zatko will appear at a Sept. 13 Senate Judiciary Committee hearing pursuant to a subpoena, Cat Zakrzewski reports. The hearing was announced just a day after The Post reported that Zatko had filed a whistleblower complaint alleging that Twitter has had “extreme, egregious deficiencies” in defending against hackers.
- Beyond the hearing, Senate Judiciary Committee Chairman Richard J. Durbin (D-Ill.) and the committee’s top Republican, Sen. Charles E. Grassley (R-Iowa), said they’d “take further steps as needed to get to the bottom of these alarming allegations.”
Regulators in Europe have also taken notice of Zatko’s complaint.
- Ireland’s Data Protection Commission, the lead E.U. supervisor of Twitter’s compliance with European data protection rules, “became aware of the issues when we read the media stories [yesterday] and have engaged with Twitter on the matter,” deputy commissioner Graham Doyle told TechCrunch’s Natasha Lomas.
- France’s data-privacy agency, CNIL, says it’s “studying” the complaint that Zatko sent to U.S. regulators, Politico Europe’s Peter O’Brien reports. “If the accusations are correct, the CNIL could take action leading to legal proceedings or a sanction, if it's clear there were breaches,” the regulator added.
- Twitter general counsel Sean Edgett told employees that the company reached out to “various agencies” around the world before The Post and CNN published stories on Tuesday about Zatko’s whistleblower complaint, Reuters reported. Twitter officials including chief executive Parag Agrawal and Edgett continued to push back on Zatko’s allegations, with Agrawal saying that they were “foundationally, technically and historically inaccurate,” the outlet reported.
Zatko’s complaint also made an appearance at a court hearing in Delaware. Lawyers representing Tesla chief executive Elon Musk used the high-ranking former Twitter executive’s allegations to argue for more data to support their case at a discovery hearing, Faiz Siddiqui and Elizabeth Dwoskin report.
DHS advisory council advances report on disinformation work
The Homeland Security Advisory Committee, a group of outside advisers appointed by DHS leaders, unanimously approved a subcommittee report on the department’s disinformation work, sending it to Homeland Security Secretary Alejandro Mayorkas’s desk. The report calls for DHS to standardize its work to counter misinformation and disinformation, effectively communicate about its work to combat inaccurate information and “bolster the role” of its intelligence and analysis wing, which gets reports about disinformation from the U.S. intelligence community and other organizations, according to the report.
The report comes three months after DHS paused its Disinformation Governance Board amid Republican criticism. The Homeland Security Advisory Council last month urged Mayorkas to scrap the board, saying it wasn’t necessary. Mayorkas on Wednesday officially scrapped the board and rescinded its charter. He said in a statement that DHS welcomed the board's recommendations.
“With the HSAC recommendations as a guide, the Department will continue to address threat streams that undermine the security of our country consistent with the law, while upholding the privacy, civil rights, and civil liberties of the American people and promoting transparency in our work,” Mayorkas said in the statement.
On the move
- Tom Kellermann has joined Contrast Security as its senior vice president of cyber strategy. Kellermann previously was head of cybersecurity strategy at VMware and chief cybersecurity officer at Carbon Black Inc.
Secure log off
Thanks for reading.