Over the last year, we have been much more proactive in finding and removing inauthentic behavior, including from foreign actors. To stay ahead, we need to work closely with government, the security community and other tech companies. Last week’s takedowns were a good example of that work in action.
On November 4, the FBI tipped us off about online activity that they believed was linked to foreign entities. Based on this tip, we quickly identified a set of accounts that appeared to be engaged in coordinated inauthentic behavior, which is banned on Facebook because we want people to be able to trust the connections they make on our services. So we immediately blocked these accounts, and given the timing just before the US midterm elections,publicly announced what we found and the action we were taking. We also shared that information with the government and other companies to help them with their own investigations. [Updated on November 13, 2018 at 10:15AM PST to correct the date we were contacted by the FBI.]Today, we are providing an update on what we’ve learned.
What We’ve Found So Far
How We Work With Our Partners to Combat Information Operations
Sample ContentNovember 13, 2018
What We’ve Found So FarBy Nathaniel Gleicher , Head of Cybersecurity Policy
As we’ve continued to investigate, we detected and removed some additional Facebook and Instagram accounts. Combined with our takedown last Monday, in total we have removed 36 Facebook accounts, 6 Pages, and 99 Instagram accounts for coordinated inauthentic behavior. These accounts were mostly created after mid-2017, apart from a few outliers. We found a total of about 1.25 million followers of at least one of these Instagram accounts, with just over 600,000 located in the US. By comparison, the recent set of accounts that we removed which originated from Iran had around 1 million followers. We didn’t find any Facebook events.
We found a total of about 65,000 followers of at least one of the Facebook Pages, which contained posts almost exclusively in French. About 60 followers were located in the US. There was about $4,500 in ad spend from these Pages, and none of the ads ran in the US. We didn’t find any ad spend on Instagram, and these accounts seem to have mostly been in English. Below we have included some examples of the content that was being shared: there were a lot of posts about celebrities, as well as the kind of social issues we’ve seen before, for example women’s rights and LGBT pride.
We’vepreviously discussed how challenging it can be to say for certain who is behind this type of activity and what their motives may be. Last Tuesday, a website claiming to be associated with the Internet Research Agency, a Russia-based troll farm, published a list of Instagram accounts they said that they’d created. We had already blocked most of them, and based on our internal investigation, we blocked the rest.
Ultimately, this effort may have been connected to the IRA, but we aren’t best placed to say definitively whether that is the case. As multiple independent experts have pointed out, trolls have an incentive to claim that their activities are more widespread and influential than may be the case. That appears to be true here as well.
What’s clear is that as we improve, our opponents will change their tactics and improve, too. They are smart, well-funded and have every incentive to continue their efforts, even if some of their actions have very little impact. To stay ahead of this misuse, we need to continue to invest heavily in security, as well as our work with governments and other technology companies. It will take the combined efforts of the public and private sectors to prevent foreign interference in elections.
November 13, 2018
How We Work With Our Partners to Combat Information Operations
By Nathaniel Gleicher , Head of Cybersecurity Policy
Preventing misuse on Facebook is a priority for our company. In the lead-up to last week’s US midterms, our teams were closely monitoring for any abnormal activity that might have been a sign of people, Pages or Groups misrepresenting themselves in order to mislead others.
But finding and investigating potential threats isn’t something we do alone. We also rely on external partners, like the government or security experts. When it comes to coordinated inauthentic behavior ― people or organizations working together to create networks of accounts and Pages to mislead others about who they are, or what they’re doing ― the more we know, the better we can be at understanding and disrupting the network. This, in turn, makes it harder for these actors to start operating again.
To get this information, we work with governments and law enforcement agencies, cybersecurity researchers, and other technology companies. When appropriate, we also share what we know with these groups to help aid their investigations and crack down on bad actors. After all, these threats are not limited to a specific type of technology or service and have far-reaching repercussions. The better we can be at working together, the better we’ll do by our community.
These partnerships were especially critical in the lead-up to last week’s midterm elections. As our teams monitored for and rooted out new threats, the government proved especially valuable because of their broader intelligence work. As bad actors seemingly tried to create a false impression of massive scale and reach, experts from government, industry, civil society, and the media worked together to counter that narrative. As we continue to build our capability to identify and stop information operations, these partnerships will only grow more valuable. This is why today, I want to share more about how we work with each of these groups ― and some of the inevitable challenges that come along with this collaboration.
Government & Law Enforcement
With backgrounds in cybersecurity, digital forensics, national security, foreign policy and law enforcement, the experts on our security team investigate suspicious behavior on our services. While we can learn a lot from analyzing our own platforms, law enforcement agencies can draw connections off our platform to a degree that we simply can’t. For instance, our teams can find links between accounts that might be coordinating an information operation based on how they interact on Facebook or other technical signals that link the accounts together ― while a law enforcement agency could identify additional links based on information beyond our scope.
Tips from government and law enforcement partners can therefore help our security teams attribute suspicious behavior to certain groups, make connections between actors, or proactively monitor for activity targeting people on Facebook. And while we can remove accounts and Pages and prohibit bad actors from using Facebook, governments have additional tools to deter or punish abuse. That’s why we’re actively engaged with the Departme
