Jerry Nelson, McLean, VA -  February 2018
bottom & links

The Russians discovered social media in 2016.

Russian and US intel communities watch each other.  Our intel community did not want to make a partisan election disturbance, and waited to tell us anything until after the coronation of Clinton.  Facebook was preoccupied with its global growth and was clueless.   Below, we go through Facebook's first public statement about what happened (27April2017), and I show along the way how their view compares to what the intel community revealed in dual briefings to the outgoing (Obama) and incoming (Trump) presidents -- at least as much of it as was cleared for public release on 6January2017. 

LEFT IT ON THE STOVE, SIMMERING.  The intelligence agencies saw Russian penetration of state election boards April, 2014, two years before the 2016 Presidential election season, and penetrations of the Democratic political party a year later (July 2015).  But the intel community did not go public until the January 2017 document below.  Here in Washington, talk is that it was assumed Hilary would win, so better to wait until that's done than to come out during the heated election battle and look partisan.  They were going to tell us that the Russians tried to throw the election to Trump, but obviously it didn't work, so we shouldn't worry, they would defend us. 

HOW DO TROLLS USE FACEBOOK?  In July 2015, more than a year before the election, Russia began penetration of servers at Democratic National Committee (DNC) headquarters, and later exploited what they stole by climbing onto Facebook and shouting about it.  Next to nothing was done to protect the DNC.   As for Facebook, they wanted no protection.  Facebook wanted all the traffic they could get, and Russia walked in, setting up a workshop ("troll factory") of people and automated equipment to give Facebook the traffic of tens of thousands of new people -- new accounts and registrations from people who sometimes posted the most amazing things -- look at the traffic! -- even paid money to take out ads.  This was the Facebook business model at work, and it was working.

It was easy for Russia to influence these people's psychology, because they weren't people.  After any juicy detail exfiltrated from the DNC had been dropped onto the Internet, the troll farm could "discover" it -- so many of them that soon the tidbit was "trending" and the race was on.  The ride got wilder with each new leak and soon there was so much momentum that Russia just dropped the entire set of files for John Podesta's emails -- Hillary Clinton's campaign chairman -- onto WikiLeaks without needing to pump it on Facebook.   I presume the emails passed through a chain of colorful conspirators -- institutions, organizations, and real people -- so that no one could prove the trail started with Russian intelligence, leaving only forensics people at the DNC servers saying, "That malware program looks like others we've seen from them -- can't prove it, but it looks like them."   The Russians drive Twitter the same way as Facebook, using automated robots ("bots" -- scripts and programs, not the kind of robots that assemble cars). 

NOT JUST THE USA.  High traffic means higher ratings and advertising returns.  When you roll out the carpet, you're asking to be walked on.  Here is Facebook's first look at itself and how it let Russia walk all over it . . . and then set up 30,000 known  troll accounts in France, to do the same thing all over again, to get an anti-democratic, pro-hate candidate to take France apart after their election (23April2017),  just as we are taking ourselves apart now. 

FWIW, I was a scientist, but Dad was a CIA Case Officer, so I've been aware since childhood that things aren't always what they seem. 

Facebook's first experience of being used to throw an election.

I'd like to take you through
Facebook's  Information Operations and Facebook, 27Apr2017, 13pp

enriched for better reality contact with the Director of National Intelligence report 6Jan2017, 25pp.

I've tried hard reduce Facebook's white paper in length and raise its honesty, while [keeping anything I add] perfectly clear.

"Information Operations and Facebook",

                    Facebook's side of the Russia story
                    EDITOR: J. I. Nelson, IEEE

                     05/18/2017  Rev 02/5/2018

Today, civic engagement takes place in an "information ecosystem" that is rapidly evolving with the planet's own globalization, something driven in turn by the information networks on which Facebook is another "platform".   Everyone is encouraged to enjoy access to these platforms, and to produce as well as consume.  The information ecosystem offers us

[EDITOR: We circled the globe in fiber-optic networks at the dawn of the millennium.  But these social platforms could arise on those big, fiber-optic networks only after software arose to manage "big data", spread across globally-distributed data centers and managed on elastically growing -- or contracting -- storage arrays.  The arrays electricity consumption is high enough to warrant building new data centers next to hydroelectric dams (cheaper rates) and the chips' heat generation is high enough to warrant building new data centers in the Arctic.  I return to "direct quotes" or (unquoted) a condensed paraphrase of Facebook's report.]

The network's immediacy, reach, and always-on persistence changes social contacts on them from person-to-person messaging into group-social interactions

Social networks have social amplification. Everyone is a potential social amplifier, and social amplification varies with social passion (followers), not with truth.

False amplifiers can be created with false accounts on any social network.  The account creation is performed by paid staff of government or non-state actors.

The creation of a "large numbers of sparsely populated fake accounts that ... engage with content at high volumes" is not currently well-automated.  Following account creation, engagement for false social amplification requires "people with language skills and a basic knowledge of the political situation in the target countries".   [EDITOR: Director of National Intelligence 6Jan2017 says these people work in St. Petersburg at the Internet Research Agency funded by a close Putin ally.]

False amplifiers must arouse passions, perhaps through sensationalism, to achieve social amplification of their message.  False news is used for passion-arousing sensationalism, as well as for the deception itself.  Deception is pursued with disinformation methods that include black propaganda (false flag news): "seeding stories to journalists . . ., including via fake online personas". [EDITOR: e.g., "Gucifer", below.]


FACEBOOK: "...we believe that campaigns based upon leaked or stolen information can be especially effective in driving engagement" because of their high inherent amplification factor.

For the Democratic National Committee and John Podesta e-mail leaks, FACEBOOK believes that there was "reconnaissance" followed by attempts to steal log-on names and passwords.  As Facebook puts it, "cyber operations against individuals" using "malware" on a few machines to exfiltrate "credentials" for many other machines, followed by "spearphishing" those other machines, then "account-takeover" where user/password credentials were already available, and then "data theft" from the entire server.  With "account takeover", there is no need for "targeted data collection" by malware, as the entire server can be exfiltrated. [EDITOR: "In July 2015, Russian intelligence gained access to Democratic National Committee (DNC) networks and maintained that access until at least June 2016." --Director of National Intelligence report of 6Jan2017. FACEBOOK "believes"/accepts these findings, and admits to no forensics of their own.}

[EDITOR: Voter rolls list party affiliation -- what if you turn up to vote and you're no longer on the rolls?  Gerrymandering colors our districts red and blue, it's obvious -- if you turn up to vote in your district, and the lines are too long because of "equipment problems"?  Is the server on which your state's votes are totaled any different from the DNC server that the Russians emptied?]  

After the DNC server was emptied (copied in its entirety) "content Creation"  began, by "seeding of stories to press, meme and story generation, and fake account/persona creation" on FACEBOOK's own platform.

[EDITOR: SOCIAL AMPLIFICATION:  The initial "amplifiers" were individual bloggers with whom foreign case officers (operatives like my father in his day) might have had contact, now approached by concealed-identity, online sources or "personas".  The most famous persona was Gucifer 2.0 -- the original Gucifer, 1.0 as it were, is a Romanian now in jail.  Gucifer 2.0 was a front for more than one individual and a source of stolen Democratic party documents before they were later dumped wholesale onto WikiLeaks. Later amplification was easier; Russia used social media platforms, where false amplifier groups running on false accounts had by then been set up, and could launch a (faked) social response.]

FACEBOOK describes early amplifiers on their own platform as "a smaller number of carefully curated accounts that exhibit authentic characteristics with well-developed online personas."  [Editor: this was Rev 1, and the success surprised everyone. Obviously Russia will have decided to invest in more computer automation, so that more bot accounts can look, in Facebook's terms, "carefully curated". ]  

"False amplification" proceeded with "fake accounts spreading memes [easily-perceived logos and mythology] and content, creation of astroturfing groups, and comment[-area] spam."   [EDITOR: It's so easy and effective to excite people hooked on social media that Russians amplified and perhaps actually staged street demonstrations in our cities.]

FACEBOOK believes the intent was:

1. "Promoting or denigrating a specific cause or issue.
2. "Sowing distrust in political institutions.
3. "Spreading confusion . . . muddying civic discourse and
        pitting rival factions against one another.
        In several instances, we identified malicious actors on FACEBOOK who,
        via inauthentic accounts, actively engaged across the political spectrum
        with the apparent intent of increasing tensions between supporters
        of these groups and fracturing their supportive base."
        [EDITOR  telling Democrats that Hillary screwed Bernie Sanders.]



For [implicitly] the John Podesta emails, FACEBOOK states:

-- "private...information was accessed and stolen;"

-- "Dedicated sites hosting this data were registered;"

-- "Fake personas were created on Facebook and elsewhere to ...amplify awareness of this

-- Entire social media "pages were created to amplify news accounts of, and
        direct people to, the stolen data;" [EDITOR: a social media "page" is
        yesterday's Internet "home page."  The social media "page" can come with separate
        pages/screens showing your education and places lived, photos,
        "movies I recently
watched", my thoughts for the day -- all of them cluttered up with
        comments from "friends".  This is what the Russians did on what Facebook called
        their "carefully curated" robot pages, crafted on their  troll farm.]

-- "From there, organic proliferation of the messaging and data through
        authentic peer groups and networks was inevitable." [EDITOR: 'viral'

FACEBOOK wishes to remind us that, although a "set of malicious actors engaged in false amplification", "the reach of the content spread by these accounts was less than one-tenth of a percent of the total reach of [all] civic content on FACEBOOK."

[THE EDITOR RESPONDS:  This claim is all but meaningless.  Everything is less than one-tenth of a percent on Facebook.  The 300 petabytes of data already in FACEBOOK's data centers (the Hive, 2014) is incomprehensibly large.  It would fill a pile of the biggest, most expensive hard drives today -- 10 terabytes each -- three-quarters of a kilometer high to hold the data FACEBOOK has accumulated (and sells).  All my most favorite, danceable pop hits add up to nearly 1GB of storage.  I could put a copy onto Facebook's servers for each man, woman and child in the USA -- spread that gigabyte out to 300 million people -- and that, too, would be less than one-tenth of a percent of the total data store of FACEBOOK.  The amount of Russian-related traffic was enormous.   The world is in a new place.  Fiber optics, the LAN, the router, the Internet itself, the integrated circuit CPUs that run it all, social media -- Napster, Facebook, Twitter -- all invented by us, and now turned against us.  Truly must they think we are stupid.  We are the most technologically advanced civilization yet seen on the face of this Earth.  We must either understand the technology or lose the civilization.] 

"Facebook is not in a position to make definitive attribution . . . however our data does [sic] not contradict the attribution provided by the U.S. Director of National Intelligence" [DNI] in the 6 Jan 2017 report, "Assessing Russian Activities and Intentions in Recent US Elections,"



[EDITOR: The intel report says the FBI, CIA, and NSA are confident Russia used paid media trolls, and sought to undermine Clinton's future as President when they thought she had one, and undermine her campaign when they thought it could be killed.  Putin directed this campaign.

Also, the intel community says: "Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards" and "researched US electoral processes and related technology and equipment" since early 2014, but [EDITOR] chose not to preferentially block voters by changing registration rolls, enter voting machines to change machine tallies, or interfere with the totalizing network for all machines, the DNI implies, albeit it is now too late to confirm such assertions with an audit of the hardware.  The attempt of the Green Party's Jill Stein to get the machines impounded in time for forensic checks was crushed, and the opportunity forever lost.  If you thought it was about "recounting the vote," you played into Russia's hands.  The issue remains voting machine integrity and post-election forensics. Please be more savvy, this is not over.]


False amplification from fraudulent accounts has a technical fingerprint:
--synchronized account creation
--synchronized content posting
--synchronized responses ("likes", re-postings)
--episodic bouts of content creation

Detecting synchronization does not require FACEBOOK to judge content.


Foreign financing that leaves [mis-]information operations "not constrained by per-unit economic realities" and makes detection by FACEBOOK more complex.  Nevertheless, FACEBOOK could "take action against over 30,000 fake accounts" in France as of April 13. [Emmanuel Macron and Marine LePen emerged as front-runners on the 23 April 2017 first-round election; Macron's final win was 7 May 2017.]


High-profile FACEBOOK users get high-sophistication attacks.  FACEBOOK has to be "working directly with government bodies" to achieve the extra protections needed for such targeted individuals, and targets must also act when notified by FACEBOOK.  [This means Facebook is working closely with high-power intrusion detection gurus today to protect Donald Trump's account, and is not talking about it.]  

New Facebook "products" (user pop-ups) lower the social amplification factor.

The dear old days of individuals abusing other individuals (stealing an account and its identity, abusing and stalking one person online or flooding a forum  with spam) are now eclipsed by the larger problems discussed here, FACEBOOK notes with apparent pride and perhaps a touch of sadness.

                                       cut and Paste - Doug Reina Y2K

top -- you are reading how Russia used Facebook's platform to draw attention to juicy information exfiltrated by cyberattacks that penetrated poorly shielded American servers
The March for Science, 2017 - a photoessay
Climate March, 2017 - a photoessay
home for this website, such as it as
A happier website with a couple travel photoessays

Rev 20May202017  
Rev 8Feb2018 added introduction for how trolls do it, how my father did it, 11Feb
and sketched  multi-year context of Russia's cybersurveillance - persistent, aren't they?  Not going away any time soon.
Rev17Feb18 should have put my name on top. 
Rev7Mar18 typos, JillStein link