The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Nearly 2,000 fake Twitter accounts were trying to churn up U.S. voters even more

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Good morning and happy Tuesday! I’m filling in for Tim this morning with a tale about fake Twitter accounts. Follow me on Twitter (but only if you’re real): @aaronjschaffer.

Below: The FTC took action against an educational technology firm over its cybersecurity, and politicians’ increasing use of TikTok is raising questions about whether it’s prepared for misinformation. First:

Twitter says hundreds of China-based accounts tried to stoke division before midterms

At first glance, the Twitter accounts belonging to “Ultra MAGA BELLA Hot Babe” and “Salome Cliff” don’t seem to have much in common. With the former alleging voter fraud and criticizing transgender people, and the latter praising President Biden, the two accounts racked up thousands of followers on Twitter.

But the accounts were actually part of a newly disclosed China-based operation seeking to influence U.S. politics in the run-up to the midterms by amplifying polarizing topics. That’s according to new data on several foreign influence operations released by Twitter, my colleagues Naomi Nix, Jeremy B. Merrill and Joseph Menn report.

Some of the nearly 2,000 Twitter accounts that were part of three China-based operations were active as recently as last month. Some purported to be located in the United States. Twitter told researchers who analyzed its data that it wasn’t attributing the activity to any specific governments. The company didn’t respond to a request to further comment.

“The disclosure by Twitter adds to what is known about China-based efforts to influence American audiences by mimicking the strategies Russia-based operatives used to stoke cultural and political tensions during the 2016 election,” they write. 

The disclosure comes with just one week until the midterms. There have been signs that Chinese and pro-China operations have sought to stir things up ahead of the midterms, my colleague Tim Starks reported last week.

  • The FBI has warned political party organizations that apparent Chinese government-affiliated hackers scanned their systems — a potential precursor to hacking operations, The Cybersecurity 202 reported last month.
  • In September, Facebook and Instagram parent Meta announced that it disrupted a China-based operation trying to influence U.S. politics ahead of the midterms. But that campaign didn’t get as much engagement as the campaigns on Twitter.
  • Cybersecurity firms like Google’s Mandiant, Recorded Future and Alethea Group have also warned about Chinese influence operations in recent reports.

Many cybersecurity experts say they’re more concerned about influence operations in the run-up to the midterms than they were in 2020, according to a poll of The Cybersecurity 202’s Network group of experts.

The strategy

The China-based tweets sought to amplify ideas originating from America’s ideological extremes, Graham Brookie, the head of the Atlantic Council’s Digital Forensics Research Lab, told my colleagues.

“This is equal opportunity hyper-partisanship, a tactic that’s been more embraced by Russia,” said Brookie, who also said the campaign was more assertive than past Chinese campaigns. “It’s the same theory of the case: a weakened adversary is one that allows you to shape geopolitics more.”

Twitter ultimately removed the accounts for violating its rules against platform manipulation and spam, the company said.

There’s more

Beyond the China-based operations, Twitter also disclosed some other interesting accounts.

An Iran-based network leveraged mostly liberal personas to amass nearly 25,000 followers and millions of likes on its tweets, which “interspersed liberal, anti-Trump messaging with harsh anti-Israel slogans,” my colleagues write. One of the accounts involved — 10Votes81 — endorsed candidates even in local races while posing as an advocacy group. It even acted as a moderator on a Reddit discussion board, Political_Revolution, which has more than 100,000 subscribers, said Renee DiResta of Stanford’s Election Integrity Partnership.

  • Down-ballot endorsements are new territory for foreign influence efforts, DiResta told my colleagues.

Some of the accounts discovered by Twitter were just plain weird. A “China-based account removed by Twitter mixed anti-Russia posts with what appeared from the text to be politically tinged pro-Trump pornography,” my colleagues write. In May, ”Ultra MAGA BELLA Hot Babe” tweeted that former president Barack Obama is a “lizard person who is a member of the Illuminati,” according to copy of the tweet archived by the Internet Archive.

Twitter’s disclosure of the takedowns come at an important time for the company. 

  • “Twitter’s takedown of the networks, which mostly operated between April and October, came during a stormy period for the social media giant as it prepared to be sold to billionaire Elon Musk and faced ongoing scrutiny over how it polices misinformation ahead of next week’s midterms, when political control of Congress is up for grabs,” my colleagues write.

The keys

FTC goes after educational technology firm Chegg over ‘careless security’

The Federal Trade Commission accused the company of having lax cybersecurity practices that led to data breaches that exposed personal information belonging to tens of millions of its users, the New York Times’s Natasha Singer reports. Chegg agreed to implement a comprehensive data security program to settle the charges, the FTC said.

“The FTC’s enforcement action against Chegg, a prominent industry player, amounts to a warning to the U.S. education technology industry,” Singer writes.

It comes months after the FTC unanimously warned educational technology companies against illegally surveilling students and having weak cybersecurity programs. A May investigation by Human Rights Watch found that many educational tools were designed to send data to advertising firms, with few telling parents how they would use the data.

True the Vote leaders jailed after refusing to release name of person involved in meeting about election-software firm

Catherine Engelbrecht and Gregg Phillips, who are prominent members of the election denier movement, were jailed for being in contempt of a court order to release the name of a person who allegedly helped True the Vote access Konnech’s computer systems, Azi Paybarah reports.

“The order marked the latest twist in a defamation case brought last month by Konnech, an election software company that True the Vote claimed allowed the Chinese government to have access to a server in China that held the personal information of nearly 2 million U.S. election workers,” Azi writes. “Konnech has vigorously disputed the claim.”

In a statement, Engelbrecht said that “we will be held in jail until we agree to give up the name of a person we believe was not covered under the terms of the judge’s” order. Michael J. Wynne, a lawyer for Engelbrecht and Phillips, said “we’re looking at alternate remedies” and declined to comment further. True the Vote spokesperson Katie Breen in a statement said the group was calling for the “immediate release” of its leaders and said its attorneys were appealing.

Konnech attorney Dean Pamphilis said that “Judge Hoyt’s order holding Ms. Engelbrecht and Mr. Phillips in contempt speaks for itself.”

Konnech chief executive Eugene Yu was arrested last month on charges that appeared to mirror some of True the Vote’s claims. The Los Angeles districts attorney’s office eventually downgraded the accusations, saying Konnech exposed personal information of “tens of thousands of County workers to possible compromise.” Yu’s attorney has asked for the charges to dismissed, asserting that they are without merit.

Democratic politicians are more likely than Republicans to use TikTok

Politicians’ increased presence on TikTok signals that the app, owned by a Chinese company, could play a larger role in future elections, Cat Zakrzewski, Naomi Nix and Taylor Lorenz report.

“Nearly 30 percent of all major-party candidates in Senate races have TikTok accounts, and one-fifth of all major-party House candidates have an account on the platform,” they write. That’s according to a new analysis from the Alliance for Securing Democracy, a U.S.-based nonprofit group that examines efforts by foreign nations to interfere in democratic institutions.

  • Democrats are more likely to embrace TikTok, with 34 percent of candidates for Senate, House, governor and state secretary of state having TikTok accounts, according to the report. Around 12 percent of Republican candidates in those races have accounts.
  • Politicians are still learning how to best use the app, according to a Post review of those accounts. “Some clips attack their opponents or feature cameos from celebrity supporters,” my colleagues write. “Others encourage young people to vote.”

TikTok has announced new policies and initiatives in the run-up to the midterms, including by adding labels for political content, directing users to an Election Center. TikTok takes “our responsibility to protect the integrity of our platform and elections with utmost seriousness,” spokesman Ben Rathe said. “We continue to invest in our policy, safety and security teams to counter election misinformation and verify accounts of politicians in the U.S.”

Government scan

CISA funds expanding access to cybersecurity programs at HBCUs, K-12 schools (The Record)

Leaked documents outline DHS’s plans to police disinformation (The Intercept)

National security watch

Spy agency embraces meme culture and the internet is here for it (CyberScoop)


  • Deputy national security adviser Anne Neuberger, National Security Council senior director for cybersecurity and emerging technology Steven Kelly and officials from Canada and France speak at the International Cybersecurity Forum in Montreal today and Wednesday.
  • CISA Director Jen Easterly and CISA Chief Strategy Officer Valerie Cofield speak at a Center for Strategic and International Studies event today at 10 a.m.

Secure log off

Thanks for reading. See you tomorrow.