Facebook took the unusual step of announcing an ongoing, incomplete investigation into “inauthentic” behavior on Tuesday, complete with implications that Russia’s Internet Research Agency (IRA) may have been involved. This week’s disclosure comes in part due to Facebook having to reveal its hand a bit prematurely: “32 Pages and accounts” were affiliated with a protest event scheduled for next week in Washington, DC, and Facebook has begun informing its potential attendees.
The 3,000+ users who expressed interest in the “No Unite The Right 2” event between August 10-12 in Washington, DC, will receive the following Facebook message today: “A Page created by fake accounts started the event ‘No Unite The Right 2 – DC.’ The other event hosts have been notified.”
Facebook says the pages in question were opened between March 2017 and May of this year, and they racked up a combined 290,000 followers before being shut down this week. Those accounts had names such as reSisters, Black Elevation, Aztlan Warriors, and Mindful Being; some of those accounts posted inherently violent imagery, including a black man holding a gun in one image and a man in American Indian attire holding a gun in another. (Sample images from these pages are included in the above gallery.)
In addition to the upcoming DC protest, the pages in question advertised “about 30” events; while most were poorly attended, one racked up over 5,000 “will attend” or “interested” votes on the site. Facebook did not disclose more information about that event or whether its interested users will receive any notice about its inauthentic origins.
The combined 32 accounts spent $11,000 on “about 150” ads on Facebook, the site confirmed, in either US or Canadian currency. Facebook claims that these accounts’ holders used a combination of VPNs and Internet phone services to hide their origins and IP addresses. Tuesday’s report points out one key slip-up on the inauthentic users’ part:
One of the IRA accounts we disabled in 2017 shared a Facebook Event hosted by the “Resisters” Page. This Page also previously had an IRA account as one of its admins for only seven minutes. These discoveries helped us uncover the other inauthentic accounts we disabled today.
In spite of this connection to the IRA, Facebook was careful to avoid connecting the dots to a specific nation-state or political motive behind these actions. “Last year, we said the Russia-based Internet Research Agency (IRA) was behind much of the abuse we found around the 2016 election,” Facebook CSO Alex Stamos wrote on Tuesday. “But today we’re shutting down 32 Pages and accounts engaged in coordinated inauthentic behavior without saying that a specific group or country is responsible.” Stamos clarified that this discovered activity was crucial in singling out these inauthentic accounts but can’t be used to definitively point a finger at the IRA, “as we have also seen examples of authentic political groups interacting with IRA content in the past.”
Additionally, Stamos believes many of the similarities between the IRA’s 2016-election meddling and this week’s disclosure could be copycat behavior by any other group. Ultimately, he says today’s disclosure hinges more on the discovery than on the investigative endgame. “We have invested heavily in people and technology to detect inauthentic attempts to influence political discourse, and enforcing our policies doesn’t require us to confidently attribute the identity of those who violate them or their potential links to foreign actors,” he wrote.
The cat-and-mouse game of catching inauthentic activity is only heating up, Facebook confirmed in its lengthy Tuesday post. “This set of actors has better operational security and does more to conceal [its] identity than the IRA did around the 2016 election, which is to be expected,” Stamos wrote. “After we named the IRA, we expected the organization to evolve. The set of actors we see now might be the IRA with improved capabilities, or it could be a separate group. This is one of the fundamental limitations of attribution: offensive organizations improve their techniques once they have been uncovered, and it is wishful thinking to believe that we will always be able to identify persistent actors with high confidence.”
Facebook pointed out that none of this information had been passed along to US authorities until today’s disclosure. Further information about these specific actors will be published by the Atlantic Council, which assisted Facebook in today’s disclosures, “as soon as it concludes its analysis,” Facebook cybersecurity head Nathaniel Gleicher wrote.