Read on Twitter
1/ Today we announced 10 CIB takedowns, including 6 networks we removed during the month of September, and 4 that we removed as recently as this morning. We had already announced most of the Sept networks. https://about.fb.com/news/2020/10/removing-coordinated-inauthentic-behavior-september-report/
2/More than half of these 10 networks targeted domestic audiences in their countries and many of them were linked to groups and people linked to politically affiliated actors in each country — the US, Myanmar, Russia, Nigeria, The Philippines and Azerbaijan.
3/ Half of the takedowns in this report began based on our own internal investigations, and the other half are based on information published/shared by external groups, including the FBI and investigative reporters.
4/ A few specific thoughts on these networks (there were a lot of enforcements this month, so this is a long one!):
5/ The US-based operation used the same deceptive techniques that we have previously seen from foreign interference. We've seen this from other domestic networks around the world over the past 3 years. We enforced here based on their deceptive behavior - not their content.
6/ I want to call out the excellent investigative reporting by @isaacstanbecker from WashingtonPost, who first identified pieces of this op. Based on his work, our teams conducted our own investigation to identify the full scope of the violating behavior. https://www.washingtonpost.com/technology/2020/10/08/facebook-bans-media-consultancy-running-troll-farm-pro-trump-youth-group/
7/ After we completed our analysis, we shared information with Stanford’s Internet Observatory, who wrote a detailed analysis of this takedown: https://cyber.fsi.stanford.edu/io/news/oct-2020-fb-ralley-forge
8/ We’ve banned Rally Forge from our platforms. It is a marketing firm working on behalf of a number of clients including Turning Point USA and Inclusive Conservation Group. We’ve removed all assets we see engaged in the deception.
9/ Enforcements like these rely on on-platform evidence. We will continue to investigate and if we find additional deceptive behavior we will take action on that as well.
10/ This raises the question of what consequences should apply to orgs that hire firms to engage in deception, but don’t directly engage themselves. We enforce where we see on-platform evidence of deception, but this is an important question that goes beyond any single company.
11/ My team has been thinking about this problem for some time, and today we are also sharing several recommendations for how legislation or regulation could be most effective at tackling IO. https://about.fb.com/news/2020/10/recommended-principles-for-regulation-or-legislation-to-combat-influence-operations/
12/ One interesting detail: although their activity goes back to 2018, many of their fake accounts were blocked throughout their history by our automated systems. Perhaps b/c of this enforcement, they recently changed tactics to also use “thinly veiled personas.”
13/ These are accounts that mix some elements of the real people behind them with fake details. Imagine a fake ID with an accurate picture but different name or vice versa. Individual operators often controlled multiple of these thinly-veiled persona accounts.
14/ While this change may have helped them evade our automated systems, it also exposed them to both our expert investigators and the @isaacstanbecker, investigative journalist that first noticed this behavior.
15/ This emphasizes the rock-and-a-hard-place problem that we increasingly see threat actors face: they can try to hide from our automated systems, but that exposes them to our expert investigators and external researchers.
16/ The Azerbaijan takedown is an example of another tactic we have seen before: actors using Pages to act as fake profiles. They primarily commented on posts, trying to create the impression of broad support for their issues. Our team linked this to the government of Azerbaijan.
17/ This takedown came from our internal investigations - in particular, one of our fake engagement researchers. Many teams across FB then worked to build out the investigation, map the full scope of deceptive behavior, and ensure we could take action and share it publicly.
18/ The network in Nigeria targeted domestic audiences. We found links to the Islamic Movement in Nigeria as we investigated suspected CIB in the region, and limited links to a network we removed ( https://about.fb.com/news/2019/03/cib-iran-russia-macedonia-kosovo/) in March 2019.
19/ Finally, the Myanmar takedown targeted public debate within Myanmar, incl. some activity around the upcoming election. Our investigators found links to members of Myanmar military.
20/This is the 7th CIB takedown in Myanmar since 2018, and we’ll continue hunting for and exposing deception as we find it in Myanmar and elsewhere in the world.
21/ We began this investigation after learning of local public reporting about some elements of this activity, as part of our proactive work ahead of the election in Myanmar.
