Sign in
A newsletter briefing on cybersecurity news and policy.
with research by Aaron Schaffer
A newsletter briefing on cybersecurity news and policy.
Welcome to The Cybersecurity 202! After today we’ll be gone until Monday, so have a great holiday weekend.
Below: Companies call on the FCC to add advanced firewalls to a discount program for schools and libraries, and Brazil’s president says an apparent voting machine bug means votes should be thrown out (even though experts say it doesn’t affect election results). First:
Facebook and Instagram parent Meta has confirmed Washington Post reporting about the origins of a network of fake accounts on Facebook, saying it “found links to individuals associated with the U.S. military.”
The company’s report comes after a September story by my colleague Ellen Nakashima, and provides a few additional details about the campaign that pushed messages favorable to the United States.
The Pentagon ordered an audit of clandestine information warfare in response to the public exposure of the network by researchers from Graphika and Stanford University’s Internet Observatory, with whom Meta shared details of its investigation. U.S. Central Command is among the entities whose activities were under Pentagon review.
“The people behind this activity posted primarily in Arabic, Farsi and Russian about news and current events, including terrorism concerns and praise of the U.S. military, as well as content about the covid-19 pandemic — some of which we removed for violating our misinformation policy,” Meta’s report says. “This operation also shared posts criticizing Iran, China and Russia, including Russia’s invasion of Ukraine, China’s treatment of the Uyghur people, Iran’s influence in the Middle East and the support of the Taliban regime in Afghanistan by Russia and China.”
Meta said it discovered the campaign’s links to the U.S. military despite attempts by the individuals responsible to hide their coordination and identities. Facebook doesn’t allow users to create accounts under names that aren’t their own.
The campaign got very little engagement, and it wasn’t especially large. In all, Meta took down 39 Facebook accounts, 16 pages, two groups and 26 accounts on Instagram, numbers that Graphika and Stanford included in their August report.
Here are some of the new details Meta revealed:
Meta said the campaign included four separate and short-lived efforts in the fall of 2021 and 2022. The Graphika/Stanford report said it was a series of covert campaigns over five years, but that it wasn’t limited to just Facebook and Instagram, but also Twitter and five other social media platforms.
Facebook had previously raised concerns with the Pentagon about accounts it had to remove in 2020, Ellen reported:
Meta’s decision to go public about the U.S. campaign isn’t controversial in the cybersecurity world.
The Cybersecurity 202 Network, a panel of cyber experts, agreed that U.S. companies and organizations should publicly call out hacking and disinformation operations even if the United States is behind them. Around three-quarters of respondents said in a September poll that U.S. organizations should reveal such operations.
It’s to the benefit of the companies to do so, noted Andy Ellis, operating partner at YL Ventures.
“There are two good reasons for companies not to conceal operations they find that happen to be U.S. operations,” he wrote. “First, if companies and organizations are able to identify U.S. agencies, then the feedback to the agency can be viewed positively, helping them improve. Second, and probably more importantly, if a U.S. firm is selling in the global marketplace, creating a clear separation between the company and the U.S. government is necessary to build trust in worldwide customers.”
The Pentagon referred a request for comment to U.S. Cyber Command, which has no reported role in the campaign Meta wrote about in its report. Asked for comment, Cyber Command referred us back to the Office of the Secretary of Defense.
Congress in 2019 authorized the Defense Department to conduct operations in the “information environment” to counter foreign disinformation and protect the United States. But the White House and other federal agencies raised concern about the Pentagon’s activities.
The Pentagon review could serve as a model for other democratic countries, Emma Briant, a fellow at the Central European University’s Center for Media, Data and Society, wrote in a post for Tech Policy Press.
“With the current review underway, the Pentagon has an opportunity to set an example for how democratic militaries around the world should develop ethical, transparent standards for tomorrow’s information wars,” she wrote. “Any review should especially make clear acceptable limits on creating and encouraging social movements that can risk civilian lives, especially where incentives and coercion are applied, or where it is known that local people will risk persecution for protests and may be limited in ability to achieve their goals.”
Five companies told the Federal Communications Commission in a letter that including next-generation firewalls in the FCC’s E-Rate discount program could help schools and libraries that are trying to fend off cyberthreats with limited IT resources. A flurry of groups have made similar arguments to the FCC, including more than 1,100 school districts like the Los Angeles Unified School District — which was hit in a ransomware attack this year — and the American Library Association, which says it represents 120,000 libraries.
The letter was signed by Fortinet, ENA by Zayo, Microsoft, Cisco and Hewlett-Packard Enterprise. The FCC did not respond to a request for comment.
This year, schools around the country have been hit in dozens of ransomware attacks. It can be particularly difficult for cash-strapped schools with small IT staffs to defend themselves against hackers willing to put sensitive student information online.
Brazilian President Jair Bolsonaro wants the country’s electoral authority — which has already declared that former president Luiz Inácio Lula da Silva won the country’s presidential election — to throw out ballots cast on voting machines from before 2020, the Associated Press’s David Biller and Carla Bridi report. If the votes were annulled, it would give Bolsonaro a reelection win, according to lawyer Marcelo de Bessa, who filed the request for Bolsonaro and his Liberal Party.
“Liberal Party leader Valdemar Costa and an auditor hired by the party told reporters in Brasilia that their evaluation found all machines dating from before 2020 — nearly 280,000 of them, or about 59 percent of the total used in the Oct. 30 runoff — lacked individual identification numbers in internal logs,” Biller and Bridi write. “Neither explained how that might have affected election results, but said they were asking the electoral authority to invalidate all votes cast on those machines.”
“The bug hadn’t been known previously, yet experts said it also doesn’t affect results,” Biller and Bridi write. “Each voting machine can still be easily identified through other means, like its city and voting district, according to Wilson Ruggiero, a professor of computer engineering and digital systems at the Polytechnic School of the University of São Paulo,” they write.
Guadeloupe government fights ‘large-scale’ cyberattack (Associated Press)
CISA releases updated infrastructure guide for local government, tribal defenders (The Record)
The secret history of encrypted DMs on Twitter (Platformer)
Trade organization urges OMB to ‘harmonize’ secure software development practices (NextGov)
SAUDI ARABIA TAKES THE LEAD 😱 pic.twitter.com/e9nZLj8g5b
Thanks for reading. See you next week.
Analysis | Facebook owner says pro-U.S. online campaign had military ties – The Washington Post
