The Cybersecurity 202: Twitter's fake account purge can help turn the tide against influence campaigns

If the mass suspensions continue at this rate, they could go a long way to curb the types of automated social media offensives the Russian government carried out in 2016. Part of what made the Kremlin’s disinformation campaign so successful was its use of constantly tweeting bots to amplify divisive posts, inflame political tensions and mislead voters. Although the results aren’t obvious yet, the Twitter purge could be a bulwark against Russian influence operations that U.S. intelligence chiefs say are continuing ahead of the November midterms.

“While it certainly won't stop the abuses and weaponization of this space, it makes it much harder on those trying to automate such acts,” said Peter Singer, a strategist at the nonpartisan think tank New America. “Previously, the barriers to entry to automating abuse and disinformation were incredibly low. This was both because the corporate incentives were more focusing on user numbers and a general Silicon Valley problem of turning a blind eye to how their babies had grown up into battlefields.”

Indeed, Twitter’s decision to crack down didn’t come easily, as my colleagues report. Executives debated for months about whether to implement new detection tools, and finally took action under sustained pressure from Congress and after internal reviews revealed that tens of thousands of automated accounts were connected to the Russian government, Craig and Elizabeth write.

Twitter probably will have to devote considerable resources to keep this war on bots and trolls going. Already, the removal of fake and suspicious accounts could cause a dip in Twitter's monthly user numbers, which as Gizmodo noted play a big part in the company’s earnings reports. And continuing to snuff out those accounts could wind up becoming a game of whack-a-mole, Singer said.

“It is a battlefield, so the enemy gets a vote. All the techniques that Twitter puts in place will be studied for counters,” he told me. “And that is the challenge for [social media] firms, that the resources spent here aren't ones spent on its primary mission — making profit.”

There were some signs earlier this year that Twitter, which long took a hands-off approach to policing misconduct on its platform, was stepping up its fight against trolls and bots. In January, Twitter identified thousands of accounts linked to the Russian troll farm Internet Research Agency and notified hundreds of thousands of users that had interacted with them. Several weeks later, it wiped thousands of suspected bot accounts from the platform in one swoop. And in a post last month, the company said it had “identified and challenged” nearly 10 million “potentially spammy or automated accounts per week,” up from 3.2 million in September.

Twitter officials started arguing for a broader assault on the suspect accounts after learning that many bot accounts used by Russian operatives weren’t actually created for disinformation campaigns but were existing accounts that were purchased on the black market, my colleagues report:

"An internal battle ensued over whether the company’s traditional approach to spam would work in combating disinformation campaigns organized and run by nation-states such as Russia.

Rather than merely assessing the content of individual tweets, the company began studying thousands of behavioral signals, such as whether users tweet at large numbers of accounts they don't follow, how often they are blocked by people they interact with, whether they have created many accounts from a single IP address, or whether they follow other accounts that are tagged as spam or bots."

The sheer number of accounts Twitter has suspended — and continues to suspend every month — shows just how vast the fake account problem is. In light of Twitter’s latest crackdown, some observers wondered whether the company could keep growing quashing so many suspicious or automated accounts.

From Kurt Wagner, Recode’s social media reporter:

And Yahoo Finance columnist David Pogue:

Marietje Schaake, a member of European Parliament, marveled at number of accounts Twitter had already scrubbed: 

Still, said Philippe Reines, a former top aide to Hillary Clinton, Twitter’s leadership deserved credit:

PINGED: A report by Metro's inspector general highlighted cyber weaknesses in the transit agency's network, The Washington Post's Martine Powers reports. “Metro’s increased emphasis on security reflects increasing awareness at transit agencies across the country that day-to-day operations of their decades-old subway systems could be attractive targets to hackers,” my colleague wrote. Metro's inspector general decided not to make the report public out of concern of publicizing weaknesses that could be exploited by hackers and intends to carry out another six audits on security issues during the next fiscal year.

“The report focused specifically on Metro’s 'incident response' capabilities and whether tech experts within the agency have the proper procedures and know-how to quickly detect, fend off and shut down a hack,” Powers wrote. “Although Metro has procedures in place in the event of an attack, 'the program has opportunities for improvement,' the inspector general’s report said.”

The next planned security audits will look at potentially dangerous events, according to Powers. “Those reviews will examine a range of potential hazards — from a massive data breach of SmarTrip card information to potential attacks that could interfere with critical safety operations such as rail traffic control systems, gas and fire sensors, the power grid, station ventilation, and voice and data communications,” she wrote.

PATCHED: A court in Wisconsin handed a maximum fine of $1.5 million to a Chinese company for stealing the source code that underpinned technology belonging to U.S. energy company AMSC, the Justice Department announced in a statement on Friday. Dejan Karabasevic, a Serbian man who worked for an AMSC subsidiary in Austria and was hired by the Chinese company Sinovel, was accused of downloading the source code in 2011 from a computer owned by AMSC in Wisconsin into a computer in Klagenfurt, Austria. The court in Madison, Wis., found that the American company lost more than $550 million as a result of the intellectual property theft, the Justice Department said in the statement.

“Rather than pay AMSC for more than $800 million in products and services it had agreed to purchase, Sinovel instead hatched a scheme to brazenly steal AMSC’s proprietary wind turbine technology, causing the loss of almost 700 jobs and more than $1 billion in shareholder equity at AMSC,” John P. Cronan, an acting assistant attorney general, said in a statement. Sinovel has paid $32.5 million to AMSC and will later pay another $25 million as part of a settlement between the two companies, according to the Justice Department. Sinovel will be on probation for a year until it has fully paid the settlement money.

PWNED: “With millions of cameras and billions of lines of code, China is building a high-tech authoritarian future,” the New York Times’s Paul Mozur reported on Sunday. “Beijing is embracing technologies like facial recognition and artificial intelligence to identify and track 1.4 billion people. It wants to assemble a vast and unprecedented national surveillance system, with crucial help from its thriving technology industry.” For instance, Mozur reports that authorities use facial recognition to name and shame pedestrians who cross the street illegally at a specific intersection in the city of Xiangyang and use software to track Uighur people, a Muslim minority, in the western part of the country. 

Under Chinese President Xi Jinping, the country has expanded its use of technology to spy on its people, the Times reported. “China has become the world’s biggest market for security and surveillance technology, with analysts estimating the country will have almost 300 million cameras installed by 2020,” Mozur wrote. “Chinese buyers will snap up more than three-quarters of all servers designed to scan video footage for faces, predicts IHS Markit, a research firm.” Yet China's sprawling surveillance apparatus isn't technically flawless and some shortcomings remain. “China’s national database of individuals it has flagged for watching — including suspected terrorists, criminals, drug traffickers, political activists and others — includes 20 million to 30 million people, said one technology executive who works closely with the government,” Mozur wrote. “That is too many people for today’s facial recognition technology to parse, said the executive, who asked not to be identified because the information wasn’t public.”

— Two men were convicted in New York for their involvement in a plot that used information from hacked press releases to turn in profits illegally, Reuters's Jonathan Stempel reported. Vitaly Korchevsky and Vladislav Khalupsky were convicted on Friday by a federal jury in New York, according to Reuters. “The defendants had been among 10 people, including seven traders and three Ukraine-based hackers, criminally charged in Brooklyn and New Jersey over what U.S. authorities have called the largest known hacking scheme to game financial markets,” Stempel wrote. “Authorities said more than 150,000 press releases were stolen from Business Wire, Marketwired and PR Newswire from February 2010 to August 2015, and used to generated in excess of $100 million of illegal trading profit.”

— The United States and Canada will collaborate on a project during the next two years to explore how artificial intelligence can assist first responders, the Department of Homeland Security's Science and Technology Directorate announced in a statement on Friday. This initiative will aim “to ensure both American and Canadian next generation first responders are better connected, protected and fully aware during critical incidents,” according to the statement.

— More cybersecurity news from the public sector:

D.C.-area cybertech companies persuade West Coast investors to head east (Aaron Gregg)

As defense bill approaches finish line, future of Chinese company ZTE hangs in the balance (CyberScoop)

Amazon continues to profit from the sale of white-supremacist propaganda, report says (Tracy Jan)

Will third-party plugins survive the tech backlash? (The Verge)

— Reporters found that a fitness application exposed data, including names, of thousands of users at security facilities around the world such as the National Security Agency in the United States and MI6 in Britain, according to ZDNet’s Zack Whittaker. “Although the existence of many government installations are widely known, the identities of their employees were not.” Whittaker wrote. “But now, an investigation by Dutch news site De Correspondent and Bellingcat found that Polar Flow exposed their fitness tracking data. The company's developer API could be improperly queried to retrieve fitness activities, like each running and cycling session, on any user.”

— Scammers posing as celebrities through fake social media accounts spread misinformation, ask for money from their victims or even commit online sex crimes, the New York Times’s Jack Nicas reports. “Twitter, Instagram and Facebook have compounded the problem with lax enforcement of their own policies prohibiting impersonators.” Nicas writes. “Some people who report such accounts said the sites had gotten better at removing them, but others said the companies did not police them adequately.”

— Russian President Vladimir Putin on Friday said countering ever-present cyberthreats requires “combined efforts” among governments, the Associated Press reported. “We have repeatedly seen that some nations’ egoism, their attempts to act squarely to their own advantages, hurt the global information stability,” Putin said, as quoted by the AP. “The Russian leader didn’t address allegations that government-sponsored Russian hackers have meddled in the U.S. 2016 presidential elections,” the AP reported. “Moscow has strongly denied interfering in the vote.” Putin’s comments came three days after the Senate Intelligence Committee in Washington endorsed the U.S. intelligence community’s 2017 assessment that Russia interfered in the past U.S. presidential election and ultimately sought to help elect Donald Trump. Putin and Trump are scheduled to meet July 16 in Helsinki.

— “Mexico’s financial authorities on Friday warned local banks to be on alert for potential cyber attacks and to strengthen security systems, activating protocols established in the wake of recent bank hacks,” Reuters’s Daina Beth Solomon reports. “Mexico’s central bank, Finance Ministry and banking regulator said in a statement that the measure is preventative, and that the country’s financial system is functioning normally.”

— More cybersecurity news from overseas: 

For China, Tech Giant Tencent Is Both a National Champion and a Threat (The Wall Street Journal)

Huawei says does not expect U.S. sanctions: press (Reuters)

All the Ways iOS 12 Will Make Your iPhone More Secure (Wired)

Today

• National Homeland Security Conference in New York through July 12.

Coming soon

• IoT Global Innovation Forum in Portland, Ore., tomorrow through July 11.
• Senate Rules and Administration Committee hearing on election security on July 11.
• House Homeland Security Committee hearing on the protection of election systems and other critical infrastructure on July 11.
• House Energy subcommittee hearing titled “Protecting customer proprietary network information in the Internet age” on July 11.
• Senate Commerce Committee hearing on the Spectre and Meltdown vulnerabilities on July 11.
• Two House Homeland Security subcommittees hold a joint hearing on supply chain threats on July 12.
• Two House Science subcommittees hold a joint hearing on big data on July 12.
• National Association of Secretaries of State 2018 Summer Conference in Philadelphia on July 13 through July 16.

Pompeo brushes off North Korea's “gangster-like” comment:

The president says there’s a border crisis. This border city begs to differ:

Cheers and tears as Belgium tops Brazil: