Tag: election

Google Advanced Protection is for high-profile hacking targets

Many internet giants offer security measures like two-factor authentication (which you should really use) to keep your account safe from hackers. But there are a handful of people who are so valuable as targets that hackers will go after them specifically -- say, election campaign managers. And Google wants to do something about it. It's introducing the previously rumored Advanced Protection Program, an extra layer of security for people who virtually expect cyberattacks. Sign up and you'll put restrictions on your account that will be borderline onerous, but could be vital when you know you're facing a serious threat.

To start, you need a physical security key to sign in. These certainly aren't unheard of (Facebook supports them), but it's not optional for anyone in Advanced Protection. Google also limits full access to your Gmail and Drive accounts to specific apps (currently its own), so a rogue program can't spy on you or steal your data. And hackers won't have much luck with social engineering, either. There are "additional reviews and requests" if someone claims to be locked out of an account, reducing the chances that someone can impersonate you well enough to get account details.

Google is promising to "continually update" its security measures to adapt to threats. You'll get the latest the company can offer, in other words.

At the moment, Advanced Protection is limited to personal Google accounts. However, you don't need to be a celebrity or political figure to enroll. Google is quick to stress that this is for anyone who has a particular reason to be worried about hacks, such as someone escaping an abusive relationship or a journalist who needs to protect the anonymity of a source. While it's patently obvious that this is coming about as a response to the hacks that defined the 2016 US election (Google makes not-so-vague allusions to the attack on John Podesta's account), it's clearly useful on a much broader level.

Via: Reuters, Wired

Source: Google, Advanced Protection

Facebook locks down key data as researchers analyze Russian influence

The truth behind Facebook's involvement in Russian voter hacks continues to get more complicated. The social media company apparently knew about Russian meddling even before last year's US election. Mark Zuckerberg's company reported that 10 million people saw Russian political ads, and has handed over Russia-linked ads to Congress. According to a report in The Washington Post, however, Facebook recently scrubbed the internet of thousands of posts related to social media analyst Jonathan Albright's research that apparently concluded that at least twice as many people had seen the ads than Facebook reported.

Needless to say, the researcher is upset. "This is public interest data," Albright told the Post. "This data allowed us to at least reconstruct some of the pieces of the puzzle. Not everything, but it allowed us to make sense of some of this thing."

Facebook confirmed to The Washington Post that while the posts had been removed, it was due to a bug in its analytics tool CrowdTangle. According to the company, Albright should never have been able to see this information. When the "bug" was quashed, Facebook told the Post, advertisers (and analysits like Albright) could no longer see information from "cached" posts that had already been taken down on Facebook (and Instagram). "We identified and fixed a bug in CrowdTangle that allowed users to see cached information from inactive Facebook Pages," Facebook spokesman Andy Stone told the Post. "Across all our platforms we have privacy commitments to make inactive content that is no longer available, inaccessible."

It's hard not to see this as a convenient excuse to hide tens of millions of potentially damning data, of course, especially as COO Sheryl Sandberg has committed the company to transparency around the fake Russian ads. Social media analysis has become a large part of figuring out what happens in our society, and not allowing access to even "taken down" posts can seem alarming. We've reached out to Facebook for comment on this matter and will update the post when we hear back.

Source: The Washington Post

DefCon event shows how easy it is to hack voting systems

It's no secret that it's possible to hack voting systems. But how easy is it, really? Entirely too easy, if you ask researchers at this year's DefCon. They've posted a report detailing how voting machines from numerous vendors held up at the security conference, and... it's not good. Every device in DefCon's "Voting Machine Hacking Village" was compromised in some way, whether it was by exploiting network vulnerabilities or simple physical access.

Multiple systems ran on ancient software (the Sequoia AVC Edge uses an operating system from 1989) with few if any checks to make sure they were running legitimate code. Meanwhile, unprotected USB ports and other physical vulnerabilities were a common sight -- a conference hacker reckoned that it would take just 15 seconds of hands-on time to wreak havoc with a keyboard and a USB stick. And whether or not researchers had direct access, they didn't need any familiarity with the voting systems to discover hacks within hours, if not "tens of minutes."

The report writers reach a few conclusions. To begin with, it's clear that dedicated hackers would have no trouble getting in -- if neophytes can hack a system after a brief learning curve, it'd be a walk in the park for state-sponsored hackers. They also warn that foreign components or software could add to the risk by giving ne'er-do-wells a chance to slip in malware that compromises an entire platform. And crucially, politicians, non-government groups and other experts should be involved to make sure that voting system security is treated seriously.

The question is, will the right people listen? It's hard to say. Key US officials did visit the voting machine village, including Homeland Security officials and Congress members like Rep. Jim Langevin and Rep. Will Hurd. And some states are already aware of security risks: Virginia is replacing one of the machines hacked at DefCon. The problem is that many politicians not only didn't attend, but are sometimes clueless about security. A truly comprehensive fix would involve a major, nationwide rethink of election security practices, and that may not happen so long as many of those in power don't take the problem seriously.

Source: DefCon (PDF), C-SPAN

Senate committee focuses on Facebook in Russia probe

During a press conference today, the Senate Intelligence Committee gave an update on its investigation into Russian interference in the 2016 presidential election. It also warned that those preparing for 2018 elections should work under the expectation that similar initiatives from Russian operatives will occur. "I recommend every campaign and every elected official take this very seriously," said committee Chairman Richard Burr.

The committee has already looked at piles of documents from the Trump campaign and conducted interviews with those associated with the president's campaign as well as members of the intelligence community. The committee also just received thousands of Facebook ads to look through that are thought to have been purchased by Russian operatives. Twitter has turned over some information as well and the Senate Intelligence Committee is expecting more.

Facebook, Twitter and Google have been invited to testify at a November 1st hearing. "I was concerned at first that some of these companies did not take this threat seriously enough," Vice Chair Mark Warner said. "But I believe they're recognizing that threat now, and they are providing us with information." Committee leaders also said that while the committee wouldn't publish the ads provided by Facebook, they did encourage Facebook to do so. "We don't release documents provided by to our committee, period," Burr said. "[It's] not a practice that we're going to get into. Clearly if any of the social media platforms would like to do that, we're fine with them doing it because we've already got scheduled an open hearing. We believe that the American people deserve to know firsthand." Warner added, "At the end of the day it's important that the public sees these ads."

What was made very clear was that this investigation is nowhere near finished and the issue of collusion between the Trump team and Russia is still very much open. The goal is to figure out as much as possible before election season starts to ramp up next year. "We've got to make our facts, as it related to Russia's involvement in our election, before the primaries getting started in 2018," Burr said, adding, "You can't walk away from this and believe that Russia's not currently active."

Source: C-Span

Russian Facebook ads reportedly targeted crucial swing states

More details are emerging about the Russia-linked ads Facebook handed over to Congressional investigators just days ago. According to multiple sources who spoke to CNN, a number of the paid posts specifically targeted two states that were crucial to Trump's victory in November: Michigan and Wisconsin. Facebook has already revealed that the 3,000 ads (viewed by roughly 10 million people) focused on "divisive social political messages," including issues about race, LGBT topics, immigration, and gun rights. But, the latest info sheds light on the geographic and demographical targeting of the promotional messages -- two aspects Facebook has not discussed in detail.

Trump beat Democratic nominee Hillary Clinton in Michigan by just 10,704 votes. Wisconsin too was a tight race, with Trump grabbing victory by 22,700 votes. Just days after the results were announced, Facebook CEO Mark Zuckerberg swiped back at his critics by claiming it was "crazy" to think that fake news on his platform swayed the election. He's since said he regrets those remarks. But, bogus articles were just part of the machinery used by nefarious forces, along with promoted events, and ads. The latter saw Facebook's comprehensive (and controversial) ad targeting tool utilized to target groups in key areas of Michigan and Wisconsin, people with knowledge on the matter told CNN.

Facebook is cooperating with the Senate Intelligence Committee investigating Russia's alleged social media interference during the elections. However, it's not the only one in the dock. Twitter also recently handed over evidence of over 1,800 Russia Today accounts that posted targeted ads in the US. Total Spend on the advertisements, which were also created during the 2016 election, came to $274,100. Despite its willingness to hand over data, it seems the company has not shut down several accounts associated with the so-called propagandist news outlet. As Recode points out, the @RT_com, @RT_America, and @ActualidadRT are still fully active. What's more, they have not reportedly been banned from advertising on the platform.

Elsewhere, Russia Today has lost a powerful soapbox. Google -- which is also being rounded up as part of the Senate's extensive investigation -- just removed Russia Today from its premium YouTube ad program (known as Google Preferred). Facebook, Google, and Twitter will be questioned by Senate lawmakers on November 1st.

Source: CNN, Recode

Facebook axed ‘tens of thousands’ of accounts before German election

Facebook released a recap today about the efforts it made to minimize the spread of fake news during Germany's recent election. Facebook VP Richard Allan said in the announcement, "These actions did not eliminate misinformation entirely in this election – but they did make it harder to spread, and less likely to appear in people's News Feeds. Studies concluded that the level of false news was low. We learned a lot, and will continue to apply those lessons in other forthcoming elections."

One tactic used by the company was Related Articles, which puts a number of different perspectives right alongside articles covering the same topic. Another was to remove clickbait and spam with Facebook's machine learning systems. Additionally, anytime users visited an article about the election, Facebook provided a way for them to compare all of the major parties' perspectives on that issue, and an Election Hub was set up for users to easily see who was on the ballot.

Allan also said that the site removed tens of thousands of fake accounts during the month before the election, which is a much larger number than the thousands of accounts Mark Zuckerberg noted in his recent update on Facebook's role in promoting election integrity. Along with those efforts, Facebook also assisted the German government with cybersecurity measures.

Facebook says it plans to expand its partnerships with election commissions all around the world. "As long as there are people seeking to disrupt the democratic process, we will continue working closely with our partners — in government and in civil society — to defend our platform from malicious interference," said Allan.

Via: Gizmodo

Source: Facebook

Russia-linked Facebook ads sought to exploit US social divisions

There's been a lot of fuss over a Russian group buying Facebook ads in the run-up to the 2016 presidential election, to the point where it's handing the ads to Congress as it investigates the scope of Russia's influence campaign. But what's in those ads, exactly? We might have a better idea. Washington Post sources say that the 3,000 ads headed to Congress were built to exploit American social divisions. Some championed activist groups like Black Lives Matter, while others portrayed them as existential threats. Others aimed to split opinions through hot-button issues like Islam, LGBT rights, gun rights and immigration.

The members of Congress involved in the investigation haven't seen the ads yet, but have confirmed at least some of the content following briefings. House Intelligence Committee lead Rep. Adam Schiff doesn't believe the ads were intended to drive incensed voters to the polls -- rather, they were meant as an act of "voter suppression" that discouraged involvement. That's backed by strategies seen elsewhere, such as attempts to fuel voter boycotts among Bernie Sanders supporters upset he didn't win the Democratic nomination.

While it's still not certain that the Russian government was directly behind the ads, they line up with strategies the country has used for decades, such as paying for ads in newspapers and even creating activist groups. The difference, of course, would be the scale that the internet involves. The $100,000 in ads may not sound like much, but that can get you a lot of views (BlitzMetrics' Dennis Yu believes it could be "hundreds of millions") with relatively little effort. Russia could have paid a relatively minuscule amount to achieve the effect of fostering division and discouraging voters.

Source: Washington Post

Facebook moderators were reportedly not prepared to catch Russian ads

Facebook's admission that Russian-linked advertisers spent $100,000 on ads leading up to and after the 2016 presidential election has led to serious questions about their effects. But how did they make it through the social network's filters? Four anonymous advertisement monitors explained to The Verge that, as contractors handling hundreds to thousands of ad parts per day, they weren't adequately prepared to screen the propaganda and keep it off the site.

Three of the four workers were at Facebook during the June 2015 to May 2017 time frame during which these ads hit the social network. According to them, each used screening software to evaluate specific portions of an advertisement queued up for review, perhaps vetting images or text segments but never looking at the whole ad. The workers typed in key codes to tag each segment with descriptors, which enabled them to quickly but not critically sift through material, the anonymous sources told The Verge. They were on the lookout for sexually explicit or violent material as well as scams, not subtle attempts to influence the election.

Or, as one worker told The Verge, "They weren't screening for, like, propaganda or anything." They were looking more for marketing attempts capitalizing on fear to sell products, not change opinions.

The Russian-backed ads had some criteria that could've potentially raised red flags among reviewers, but the massive volume of advertisements flowing in daily meant there was room for the ones in question to sneak by. An algorithm was also used to screen ads, which the workers were constantly training, they told The Verge; Conceivably, it could have approved all the Russian-backed content.

We've reached out to Facebook for comment and will include it when we hear back.

Source: The Verge

Facebook hands Russia-backed ads to election investigators

Those Russia-linked Facebook ads are more than just a reason for concern -- they could play an important role in one of the largest investigations in recent memory. CNN sources understand that Facebook has supplied the ads and "related information" to special counsel Robert Mueller and team after they obtained a search warrant. The move will theoretically help Mueller's investigative team find out who was behind the ads and whether or not they played a role in Russia's bid to skew the 2016 US presidential election. And reportedly, this only comes after other attempts to get the info fell flat.

The insiders claim that Facebook rejected House and Senate Intelligence Committee attempts to get the ads. The site's policy, in line with the Stored Communications Act, requires a warrant before it can hand over search data.

Mueller's spokesperson declined to comment, and Facebook would only say that it continues to "work with the appropriate investigative authorities." Don't expect to learn many specifics, then. All the same, this both highlights the breadth of the election interference investigation and the nature of these sorts of investigations circa 2017. Who'd have thought that social media ad spots could play a substantial role in a case like this?

Source: CNN

Facebook may still not know full extent of Russian ad buys

It's been just over a week since Facebook admitted to discovering that it sold $100,000 in ads to hundreds of fake pages and accounts that were both related to each other and apparently run from Russia. Both Democratic and Republican senators are looking for some sort of public hearing on the matter. Now, according to a report by CNN Money, sources familiar with the matter say that Facebook still doesn't know the full extent of the possible fake news ring and that there still may be more ads on Facebook to this day.

CNN's Dylan Byers writes that ad buys on Facebook are purchased via an automated self-service tool, which avoids any human interaction from the social network. Facebook's Andy Stone told CNN that there wasn't any communication between the people who bought the discovered ads and the website's sales team. This apparently happens with larger ad buys. While this might be one way to shift the blame from itself, notes Byers, Facebook will still need to figure out how to prevent these systems from being exploited in the future.

According to CNN, Facebook employees have taken to internal message boards to call for more transparency about the content of these ads. So far, the company has only said that the ads weren't directly about the US election, but mainly focused on spreading social messages to help reinforce the divide between political sides - including "topics from LGBT matters to race issues to immigration to gun rights." About one-fourth of the ads were targeted to specific geographical locations, as well.

Facebook's statement on the matter says that in addition to new tech to detect fake accounts and reduce misinformation, the company is working on ways to "better detect inauthentic Pages and the ads they may run," along with changes to help "more efficiently detect and stop inauthentic accounts" when they're actually created.

We've reached out to Facebook for comment and will update this post when we hear back.

Source: CNN Money