What we can learn from the 3,500 Russian Facebook ads meant to stir up U.S. politics

On Thursday, Democrats on the House Intelligence Committee released a massive new trove of Russian government-funded Facebook political ads targeted at American voters. While we’d seen a cross section of the ads before through prior releases from the committee, the breadth of ideological manipulation is on full display across the more than 3,500 newly released ads — and that doesn’t even count still unreleased unpaid content that shared the same divisive aims.

After viewing the ads, which stretch from 2015 to late 2017, some clear trends emerged.

Russia focused on black Americans

Many, many of these ads targeted black Americans. From the fairly large sample of ads that we reviewed, black Americans were clearly of particular interest, likely in an effort to escalate latent racial tensions.

Many of these ads appeared as memorials for black Americans killed by police officers. Others simply intended to stir up black pride, like one featuring an Angela Davis quote. One ad posted by “Black Matters” was targeted at Ferguson, Missouri residents in June 2015 and only featured the lyrics to Tupac’s “California Love.” Around this time, many ads targeted black Facebook users in Baltimore and the St. Louis area.

Some Instagram ads targeted black voters interested in black power, Malcolm X, and the new Black Panther party using Facebook profile information. In the days leading up to November 8, 2016, other ads specifically targeted black Americans with anti-Clinton messaging.

Not all posts were divisive (though most were)

While most ads played into obvious ideological agendas, those posts were occasionally punctuated by more neutral content. The less controversial or call-to-action style posts were likely designed to buffer the politically divisive content, helping to build out and grow an account over time.

For accounts that grew over the course of multiple years, some “neutral” posts were likely useful for making them appear legitimate and building trust among followers. Some posts targeting LGBT users and other identity-based groups just shared positive messages specific to those communities.

Ads targeted media consumers and geographic areas

Some ads we came across targeted Buzzfeed readers, though they were inexplicably more meme-oriented and not political in nature. Others focused on Facebook users that liked the Huffington Post’s Black Voices section or Sean Hannity.

Many ads targeting black voters targeted major U.S. cities with large black populations (Baltimore and New Orleans, for example). Other geo-centric ads tapped into Texas pride and called on Texans to secede.

Conservatives were targeted on many issues

We already knew this from the ad previews, but the new collection of ads makes it clear that conservative Americans across a number of interest groups were regularly targeted. This targeting concentrated on stirring up patriotic and sometimes nationalist sentiment with anti-Clinton, gun rights, anti-immigrant and religious stances. Some custom-made accounts spoke directly to veterans and conservative Christians. Libertarians were also separately targeted.

Events rallied competing causes

Among the Russian-bought ads, event-based posts became fairly frequent in 2016. The day after the election, an event called for an anti-Trump rally in Union Square even as another ad called for Trump supporters to rally outside Trump tower. In another instance, the ads promoted both a pro-Beyoncé and anti-Beyoncé event in New York City.

Candidate ads were mostly pro-Trump, anti-Clinton

Consistent with the intelligence community’s assessment of Russia’s intentions during the 2016 U.S. election, among the candidates, posts slamming Hillary Clinton seemed to prevail. Pro-Trump ads were fairly common, though other ads stirred up anti-Trump sentiment too. Few ads seemed to oppose Bernie Sanders and some rallied support for Sanders even after Clinton had won the nomination. One ad in August 2016 from account Williams&Kalvin denounced both presidential candidates, potentially in an effort to discourage turnout among black voters. In this case and others, posts called for voters to ignore the election outright.

While efforts like the Honest Ads Act are mounting to combat foreign-paid social media influence in U.S. politics, the scope and variety of today’s House Intel release makes it clear that Americans would be well served to pause before engaging with provocative, partisan ideological content on social platforms — at least when it comes from unknown sources.

Signal for Mac users should disable notifications to keep their messages secure

If you’re using Signal for secure messaging, here’s something to be aware of. The app is one of the best-regarded encrypted messaging tools out there, but Mac owners who use Signal might inadvertently be putting their privacy at risk.

As Motherboard reports, security researcher Alec Muffett discovered that Signal messages sent to a Mac can persist in the notifications center, even if you have the app’s settings tuned to delete them.

That fact suggests that otherwise private messages live on in the operating system, which is something other researchers are looking into at the moment.

It’s a serious concern for anyone who relies on the Signal Mac app, but remember: to take advantage of this flaw, a hacker would need to compromise or obtain your Mac, and by then it’s probably game over.

To turn off the setting — and we recommend that you do — go to the Settings menu within the Signal for Mac app and select either “Neither name nor message” or “Disable notifications” to make sure that your private messages don’t stray beyond Signal.

A cyberattack knocked a Tennessee county’s election website offline during voting

After a distributed denial-of-service attack knocked some servers offline during a local election in Tennessee this week, Knox County is working with an outside security contractor to investigate the cause. The attack took the Knox County Election Commission site displaying results of the county mayoral primary offline during Tuesday night voting. The county resorted to distributing printed results during the outage.

“Tonight, Our web servers suffered a successful denial of service attack,” Knox County wrote on Twitter on Tuesday night. “Election results were not affected, as our election machines are never connected to the Internet.”

The day after the incident, Knox County Mayor Tim Burchett reassured voters that the attack did not compromise the vote. Election systems that can go online are far less secure than systems that are not able to connect to the internet.

“Although the crash did not affect the vote tallies or the integrity of the election, this is not something that should happen,” Burchett said in a statement. “I want to know what happened, and I think an independent review will help to determine that so we can move forward and work to prevent similar issues in the future.”

Burchett disputed outside claims that his office had acted “prematurely” in dismissing any risk to the integrity of the Knox County vote, reiterating that the county’s voting system “is never connected to internet, never at risk.”

In a report from Knox County’s IT Department, Director Dick Moran noted “extremely heavy and abnormal network traffic” consistent with a DDoS attack and observed that the IP addresses involved originated from both domestic and international locations. Moran drew a distinction between a DDoS attack that can knock servers offline and a hack intended to infiltrate systems or servers.

Sword & Shield Enterprise Security, a Knoxville-based security firm, has been contracted to conduct an analysis of the attack and “determine the exact nature” of the server’s time offline.

The county site that was affected by the attack only displayed results to the public; it did not receive or tabulate them. Still, DDoS attacks are sometimes used as a diversionary tactic to create chaos. TechCrunch has reached out to Sword & Shield with additional questions about the sophistication and extent of the attack.

Given its enhanced coordination with states as part of recent initiatives to secure national election systems, TechCrunch has also been in touch with Homeland Security about its role in providing support to Knox County and will update this story when we have more information.

Flaw in global energy facility software shows critical infrastructure risks

Critical infrastructure worries in the U.S. and abroad are far from over. This week, security firm Tenable published research demonstrating a vulnerability affecting two software programs used by global energy management company Schneider Electric. The company’s systems are in place in facilities across North America, Western Europe and Asia.

Before publishing its research, Tenable notified Schneider Electric, allowing the company to patch its software vulnerabilities in early April while issuing guidance for affected plants to update their systems.

“There’s no doubt the discovery of this severe vulnerability comes at a time when critical infrastructure security is top-of-mind for organizations and government agencies everywhere,” Tenable Chief Product Officer Dave Cole said in a statement. Cole noted that this vulnerability exists at the relatively new intersection of IT and operational technology.

Tenable describes the flaw, present in InduSoft Web Studio and InTouch Machine Edition, as a remote code execution vulnerability possible when an overflow condition is triggered in the software.

As Tenable explains, that loophole could allow malicious code to be executed, granting hackers high level access in any facility running the affected software:

“A threat actor could send a crafted packet to exploit the buffer overflow vulnerability using a tag, alarm, event, read or write action to execute code.

The vulnerability can be remotely exploited without authentication and targets the IWS Runtime Data Server service, by default on TCP port 1234. The software implements a custom protocol that uses various ‘commands.’ This vulnerability is triggered through command 50, and is caused by the incorrect usage of a string conversion function.

The vulnerability, when exploited, could allow an unauthenticated malicious entity to remotely execute code with high privileges.”

Critical infrastructure attacks are on the rise, and the results can be devastating. And while compromising a nuclear facility or power grid can result in exceptional consequences, the attacks generally follow the same rulebook that hackers use to compromise other, less high-consequence systems.

“It’s important to keep in mind that attackers are generally after one thing – access. Once they obtain it, their primary goal is typically to make sure long-term access can be maintained,” Ben Johnson, CTO and Co-Founder of Obsidian Security told TechCrunch.

“… If they compromise devices associated with critical infrastructure, they will find themselves with all kinds of leverage. So any flaw that makes obtaining access easier is a serious concern.”

You should change your Twitter password right now

Yes, it’s that time again — password changing time. On Thursday, Twitter revealed that a bug caused the platform to store user passwords in unmasked form. Normally, sensitive personal data like passwords would be stored in hashed form using a mix of letters and numbers to protect the content of the password itself. In this instance, it sounds like Twitter stored plain text passwords openly without any hashing on an internal log.

Twitter notes that it currently has “no reason to believe password information ever left Twitter’s system” or that these unprotected passwords were accessed by hackers, but the risk of the unknown remains. The company has advised users to change their passwords as a precautionary measure.

Here’s what Twitter says happened:

We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.

We’ve reached out to Twitter for more details on the bug and additional information about how this could have happened. Update: Twitter declined to provide additional technical details on the incident but emphasized that it believes the likelihood that the passwords were discoverable is “extremely low” and an internal investigation has revealed no indications of a breach or other misuse.

It’s pretty unusual for a company of this size to make such a basic security mistake, but that’s just another reason for users to take password protection into their own hands. Now is the perfect time to start using two-factor authentication and a password manager like LastPass or 1Password to keep your account credentials safe even when the platforms you use fail to do so.
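The ordering problem in Twitter's statement (a request logged before the password is hashed) can be reproduced and guarded against in a few lines. This is an added example, not Twitter's code: the key names, logger names and `run_signup` helper are hypothetical, and PBKDF2 from the Python standard library stands in for bcrypt so the block runs without extra packages.

```python
import hashlib
import hmac
import io
import logging
import os

# Key names treated as secrets (assumed list; extend for your own request schema).
SENSITIVE_KEYS = {"password", "passwd", "new_password", "current_password"}
PBKDF2_ITERATIONS = 200_000


def scrub(value):
    """Return a copy of value with the values of sensitive keys replaced."""
    if isinstance(value, dict):
        return {
            k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else scrub(v)
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    return value


class RedactingFilter(logging.Filter):
    """Scrub structured log arguments before any handler formats them."""

    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = scrub(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(scrub(a) for a in record.args)
        return True  # keep the record, minus the secret


def hash_password(password, salt=None):
    """Salted, slow hash. PBKDF2 is a stand-in for bcrypt in this example."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def run_signup(payload, redact):
    """Handle one signup; return (captured log text, stored password hash)."""
    stream = io.StringIO()  # stands in for the internal log
    handler = logging.StreamHandler(stream)
    if redact:
        handler.addFilter(RedactingFilter())
    log = logging.getLogger("signup.safe" if redact else "signup.buggy")
    log.handlers = [handler]
    log.setLevel(logging.INFO)
    log.propagate = False

    # The request is logged before hashing, the ordering the statement describes.
    log.info("signup request %s", payload)
    stored = hash_password(payload["password"])
    return stream.getvalue(), stored


if __name__ == "__main__":
    # Constructed sample request; the password doubles as a canary to grep for.
    sample = {"user": "alice", "password": "CANARY-constructed-pw"}
    for redact in (False, True):
        text, _ = run_signup(sample, redact)
        print("redact=%s leaked=%s" % (redact, sample["password"] in text))
```

The filter only sees structured arguments; a password already concatenated into the message string passes through untouched. A canary-password check against captured log output, run in CI, catches that case too.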

Facebook’s Free Basics program ended quietly in Myanmar last year

As recently as last week, Facebook was touting the growth of its Internet.org app Free Basics, but the program isn’t working out everywhere. As the Outline originally reported and TechCrunch confirmed, the Free Basics program has ended in Myanmar, perhaps Facebook’s most controversial non-Western market at the moment.

Its mission statement pledging to “bring more people online and help improve their lives” is innocuous enough, but Facebook’s Internet.org strategy is extremely aggressive, optimized for explosive user growth in markets that the company has yet to penetrate. Free Basics, an initiative under Internet.org, is an app that offers users in developing markets a “free” Facebook-curated version of the broader internet.

The app provides users willing to sign up for Facebook with internet access that doesn’t count against their mobile plan — stuff like the weather and local news — but keeps them within a specially tailored version of the platform’s walled garden. The result in some countries with previously low connectivity rates was that the social network became synonymous with the internet itself — and as we’ve seen, that can lead to a whole host of very real problems.

While the Outline reports that Free Basics has ended in “half a dozen nations and territories,” including Bolivia, Papua New Guinea, Trinidad and Tobago, Republic of Congo, Anguilla, Saint Lucia and El Salvador, Facebook told TechCrunch that only two international mobile providers have ended the program, leaving room for interpretation about how other countries ended their involvement and why.

As a Facebook spokeswoman told TechCrunch, Facebook is still moving forward with the program:

We’re encouraged by the adoption of Free Basics. It is now available in more than 50 countries with 81 mobile operator partners around the world. Today, more than 1,500 services are available on Free Basics worldwide, provided to people in partnership with mobile operators.

Free Basics remains live with the vast majority of participating operators who have opted to continue offering the service. We remain committed to bringing more people around the world online by breaking down barriers to connectivity.

Facebook confirmed to TechCrunch that Free Basics did indeed end in Myanmar in September 2017, a little over a year since its June 2016 launch in the country. The company clarified that Myanmar’s state-owned telecom Myanma Posts and Telecommunications (MPT) cooperated with the Myanmar government to shut down access to all free services, including Free Basics in September of last year. The move was part of a broader regulatory effort by the Myanmar government.

In a press release, MPT described how the regulation shaped policy for the country’s three major telecoms:

… As responsible operators, [MPT, Ooredoo and Telenor] abide by sound price competition practices – hallmarks of a healthy marketplace and to adhere to industry best practices and ethical business guidelines.

This [includes] compliance with the authority imposed floor pricing as set out in the Post and Telecommunications Department’s Pricing and Tariff Regulatory Framework of 28 June 2017, including refraining from behavior such as free distribution or sales of SIM cards and supplying services and handsets at below the cost including delivery.

In Myanmar, Facebook’s Free Basics offering ran afoul of the same price floor regulations that restricted the distribution of free SIM cards.

Elsewhere, Facebook’s Free Basics program is winding down for other reasons. Last fall, the telecom Digicel ended access to Free Basics in El Salvador and some of its Caribbean markets. Digicel confirmed to TechCrunch that it stopped offering Free Basics due to commercial reasons on its end and that the decision was not a result of any action by Facebook or Internet.org.

As the Free Basics program is part of a partnership between Facebook and local mobile providers, the latter can terminate access to the app at will. Still, it’s not clear if that was the case in all the countries in which the app is no longer available.

In 2016, India regulated Facebook’s free internet deal out of existence, effectively blocking Facebook’s access to its most sought-after new market in the process. Since then, vocal critics have called Facebook’s Internet.org efforts everything from digital colonialism to a spark in the tinderbox for countries dealing with targeted violence against religious minorities.

Still, according to Facebook, even as some markets dry up, the program is quietly expanding. In late 2017 Facebook added Sudan and Cote d’Ivoire to its Free Basics roster. This year, Facebook launched the initiative in Cameroon and added additional mobile partners in Colombia and Peru.

Myanmar’s access to Free Basics is now restricted, but Facebook indicated that its efforts to connect the country — and its 54 million newly minted or yet to be converted Facebook users — are not over.

Telegram blocked in Iran as the government orders telecoms to cut off access

As Moscow erupts in protests over its own ban, Iran’s judiciary has just ordered the nation’s telecommunications providers to block Telegram. According to the Wall Street Journal, Iran’s Islamic Republic News Agency stated that the decision was issued via a court ruling in Tehran. An estimated 40 million Iranians — half of the country’s population — use Telegram to communicate.

“Considering various complaints against Telegram social networking app by Iranian citizens, and based on the demand of security organisations for confronting the illegal activities of Telegram, the judiciary has banned its usage in Iran,” Iranian state TV reported, according to Reuters.

As of Monday, Telegram appears to still be functioning in the country following the court order. When the ban is executed, the popular messaging app will join the ranks of Facebook and Twitter, two other social media platforms banned in Iran. Government employees were ordered to quit the app earlier this month and the Iranian government launched its own Telegram competitor, a messaging app called Soroush, last week.

In January, Iran temporarily restricted Telegram access, ostensibly to quell anti-government demonstrations. When bans have occurred in the past, tech-savvy Iranians have turned to proxy services and other tools to keep connected.

In the past, Iran has suggested that it would allow Telegram and other messaging apps to operate domestically if they transferred their data servers into the country rather than storing data abroad. Given that such a move would meaningfully compromise a messaging app’s privacy in such a restrictive country — something Telegram’s founder Pavel Durov isn’t keen on — Iran will pursue control of the messaging service with an outright ban instead.

DARPA is funding new tech that can identify manipulated videos and ‘deepfakes’

The Menlo Park-based nonprofit research group SRI International has been awarded three contracts by the Pentagon’s Defense Advanced Research Projects Agency (DARPA) to wage war on the newest front in fake news. Specifically, DARPA’s Media Forensics program is developing tools capable of identifying when videos and photos have been meaningfully altered from their original state in order to misrepresent their content.

The most infamous form of this kind of content is the category called “deepfakes” — usually pornographic video that superimposes a celebrity or public figure’s likeness into a compromising scene. Though software that makes deepfakes possible is inexpensive and easy to use, existing video analysis tools aren’t yet up to the task of identifying what’s real and what’s been cooked up.

As articulated by its mission statement, that’s where the Media Forensics group comes in:

“DARPA’s MediFor program brings together world-class researchers to attempt to level the digital imagery playing field, which currently favors the manipulator, by developing technologies for the automated assessment of the integrity of an image or video and integrating these in an end-to-end media forensics platform.

If successful, the MediFor platform will automatically detect manipulations, provide detailed information about how these manipulations were performed, and reason about the overall integrity of visual media to facilitate decisions regarding the use of any questionable image or video.”

While video is a particularly alarming application, manipulation even poses a detection challenge for still images and DARPA is researching those challenges as well.

DARPA’s Media Forensics group, also known as MediFor, began soliciting applications in 2015, launched in 2016 and is funded through 2020. For the project, SRI International will work closely with researchers at the University of Amsterdam (see their paper “Spotting Audio-Visual Inconsistencies (SAVI) in Manipulated Video” for more details) and the Biometrics Security & Privacy group of the Idiap Research Institute in Switzerland. The research group is focusing on four techniques to identify the kind of audiovisual discrepancies present in a video that has been tampered with, including lip sync analysis, speaker inconsistency detection, scene inconsistency detection (room size and acoustics) and identifying frame drops or content insertions.

Research awarded through the program is showing promise. In an initial round of testing last June, researchers were able to identify “speaker inconsistencies and scene inconsistencies,” two markers of video that’s been tampered with, with 75% accuracy in a set of hundreds of test videos. In May 2018, the group will be conducting a similar test on a larger scale, honing its technique in order to examine a much larger sample of test videos.

While the project does have potential defense applications, the research team believes that the aims of the program will become “front-and-center” in the near future as regulators, the media and the public alike reckon with the even more insidious strain of fake news.

“We expect techniques for tampering with and generating whole synthetic videos to improve dramatically in the near term,” a representative of SRI International told TechCrunch.

“These techniques will make it possible for both hobbyists and hackers to generate very realistic-looking videos of people doing and saying things they never did.”

DNA analysis site that led to the Golden State Killer issues a privacy warning to users

As more details emerge about the arrest of the man suspected to be the Golden State Killer, it’s clear that one of the most infamous unsolved cases of all time was cracked using a popular free online genealogy database.

The site, known as GEDmatch, is a popular resource for people who have obtained their own DNA through readily available consumer testing services and want to fill in missing portions of their family tree to conduct further analyses. Compared to a polished service like 23andMe, GEDmatch is an open platform lacking the same privacy and legal restrictions that govern user data on more mainstream platforms.

To home in on their suspect, investigators used an intact DNA sample taken at the time of a 1980 Ventura County murder linked to the serial killer. The team uploaded data from the sample into GEDmatch and were able to identify distant relatives of the suspect — a critical breakthrough that soon led to the arrest of Joseph James DeAngelo, 72.

Given the high-stakes nature of DNA data and the popularity of voluntary online DNA databases, the case immediately raised a number of flags for data privacy advocates.

On Friday, GEDmatch confirmed on its landing page for logged-in users that law enforcement sifted through its DNA database in the case:

To correct a BIG misunderstanding, we do not show any person’s DNA on GEDmatch. We only show manipulations of data such as DNA [matches].

We understand that the GEDmatch database was used to help identify the Golden State Killer. Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch’s policy to inform users that the database could be used for other uses, as set forth in the Site Policy

While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including identification of relatives that have committed crimes or were victims of crimes.

If you are concerned about non-genealogical uses of your DNA, you should not upload your DNA to the database and/or you should remove DNA that has already been uploaded. To delete your registration contact [email protected]

Though an initial misunderstanding raised suspicion that law enforcement used a major player in consumer genetic testing like 23andMe or Ancestry DNA in the Golden State Killer development, investigators instead leveraged another voluntary DNA database with no such hoops to jump through. Both 23andMe and Ancestry require law enforcement to create a legal request in the form of a search warrant or a court order before accessing any specific genetic or personal information.

23andMe explains its policies toward forensics in a special page dedicated to its relationship with law enforcement:

Use of the 23andMe Personal Genetic Service for casework and other criminal investigations falls outside the scope of our services intended use.

Therefore, it is a violation of our TOS for law enforcement officials to submit samples on behalf of a prisoner or someone in state custody who has been charged with a crime.

While the revelation that investigators have apprehended a suspect in the long-cold case is good news, the incident is reigniting justifiable concerns around consumer DNA testing.

In an interview with The New York Times, Paul Holes, the Contra Costa county investigator who helped crack the case, marveled at the power of GEDmatch. “I was blown away with what it could do,” Holes said.

Pro-Trump social media duo accuses Facebook of anti-conservative censorship

Following up on a recurring thread from Mark Zuckerberg’s congressional appearance earlier this month, the House held a hearing today on perceived bias against conservatives on Facebook and other social platforms. The hearing, ostensibly about “how social media companies filter content on their platforms,” focused on the anecdotal accounts of social media stars Diamond and Silk (Lynnette Hardaway and Rochelle Richardson), a pro-Trump viral web duo that rose to prominence during Trump’s presidential campaign.

“Facebook used one mechanism at a time to diminish reach by restricting our page so that our 1.2 million followers would not see our content, thus silencing our conservative voices,” Diamond and Silk said in their testimony.

“It’s not fair for these Giant Techs [sic] like Facebook and YouTube get to pull the rug from underneath our platform and our feet and put their foot on our neck to silence our voices; it’s not fair for them to put a strong hold on our finances.”

During the course of their testimony, Diamond and Silk repeated their unfounded assertions that Facebook targeted their content as a deliberate act of political censorship.

What followed was mostly a partisan back-and-forth. Republicans who supported the hearing’s mission asked the duo to elaborate on their claims and Democrats pointed out their lack of substantiating evidence and their willingness to denounce documented facts as “fake news.”

Controversially, they also denied that they had accepted payment from the Trump campaign, in spite of public evidence to the contrary. On November 22, 2016, the pair received $1,274.94 for “field consulting,” as documented by the FEC.

Earlier in April, Zuckerberg faced a question about the pair’s Facebook page from Republican Rep. Joe Barton:

Why is Facebook censoring conservative bloggers such as Diamond and Silk? Facebook called them “unsafe” to the community. That is ludicrous. They hold conservative views. That isn’t unsafe.

At the time, Zuckerberg replied that the perceived censorship was an “enforcement error” and that Facebook had been in contact with Diamond and Silk to reverse its mistake. Senator Ted Cruz also asked Zuckerberg about what he deemed a “pervasive pattern of bias and political censorship” against conservative voices on the platform.

Today’s hearing, which California Rep. Ted Lieu dismissed as “stupid and ridiculous,” was little more than an exercise in idle hyper-partisanship, but it’s notable for a few reasons. For one, Diamond and Silk are two high-profile creators who managed to take their monetization grievances with tech companies, however misguided, all the way to Capitol Hill. Beyond that, and the day’s strange role-reversal of regulatory stances, the hearing was the natural escalation of censorship claims made by some Republicans during the Zuckerberg hearings. Remarkably, those accusations only comprised a sliver of the two days’ worth of testimony; in a rare display of bipartisanship, Democrats and Republicans mostly cooperated in grilling the Facebook CEO on his company’s myriad failures.

Congressional hearing or not, the truth of Facebook’s platform screw-ups is far more universal than political claims on the right or left might suggest. As Zuckerberg’s testimony made clear, Facebook’s moderation tools don’t exactly work as intended and the company doesn’t even really know the half of it. Facebook users have been manipulating the platform’s content reporting tools for years, and unfortunately that phenomenon coupled with Facebook’s algorithmic and moderation blind spots punishes voices on both sides of the U.S. political spectrum — and everyone in between.