Facebook takes down Russian disinformation network

Facebook and Instagram have taken down a network run by people in Russia and Ukraine targeting Ukraine for violating the Meta policy “against coordinated inauthentic behavior.”
Facebook’s parent company Meta has informed that the network ran websites posing as independent news entities and created fake personas across social media platforms including Facebook, Instagram, Twitter, YouTube, Telegram, and also Russian Odnoklassniki and VK.
“In the past few days, we’ve seen increased targeting of people in Ukraine, including Ukrainian military and public figures by Ghostwriter, a threat actor that has been tracked for some time by the security community. We continue to roll out privacy and security measures to help people in Ukraine and Russia protect their accounts from being targeted,” said Nathaniel Gleicher, Head of Security Policy, and David Agranovich, Director, Threat Disruption, at Meta.
“In response to Russia’s invasion of Ukraine, our teams have been on high alert to identify emerging threats and respond as quickly as we can. Here are a few updates on our security work,” they said in a blog post.
In the last 48 hours, Meta uncovered a relatively small network of about 40 accounts, pages and groups on Facebook and Instagram. “They were operated from Russia and Ukraine and targeted people in Ukraine across multiple social media platforms and through their own websites. We took down this operation, blocked their domains from being shared on our platform, and shared information with other tech platforms, researchers and governments. When we disrupted this network on our platform, it had fewer than 4,000 Facebook accounts following one of more of its pages and fewer than 500 accounts following one or more of its Instagram accounts,” informed Meta.
This network, said Nathaniel and David, used fake accounts and operated fictitious personas and brands across the internet — including on Facebook, Instagram, Twitter, YouTube, Telegram, Odnoklassniki and VK — to appear more authentic in an apparent attempt to withstand scrutiny by platforms and researchers. “These fictitious personas used profile pictures likely generated using artificial intelligence techniques like generative adversarial networks (GAN). They claimed to be based in Kyiv and posed as news editors, a former aviation engineer, and an author of a scientific publication on hydrography — the science of mapping water. This operation ran a handful of websites masquerading as independent news outlets, publishing claims about the West betraying Ukraine and Ukraine being a failed state,” they said.
They said that their investigation is ongoing, and so far they have found links between this network and another operation they removed in April 2020, which was then connected to individuals in Russia, the Donbass region in Ukraine, and two media organisations in Crimea — NewsFront and SouthFront, now sanctioned by the US government.
Meta officials informed that Ghostwriter typically targets people through email compromise and then uses that to gain access to their social media accounts and post disinformation as if it’s coming from the legitimate account owners.
“We detected attempts to target people on Facebook to post YouTube videos portraying Ukrainian troops as weak and surrendering to Russia, including one video claiming to show Ukrainian soldiers coming out of a forest while flying a white flag of surrender. We’ve taken steps to secure accounts that we believe were targeted by this threat actor and, when we can, to alert the users that they had been targeted. We also blocked phishing domains these hackers used to try to trick people in Ukraine into compromising their online accounts,” said Meta in the blog post.
Account Security
Meta has advised the people in Ukraine and Russia to take steps to strengthen the security of their online accounts to protect themselves from being targeted by threat actors.
“We encourage people to use caution when accepting friend requests and opening links and files from people they don’t know. Please refrain from reusing the same passwords across different services to prevent malicious hackers from gaining access to your information. We also strongly recommend using two-factor authentication on all online accounts,” said the company.
Earlier this week, Meta rolled out additional privacy and security protections in Ukraine. The company is now adding them in Russia as well, in response to public reports of targeting of civil society and protesters.