icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
7 Apr, 2022 22:20

Hackers depict surrendering Ukrainians – Meta

A ‘threat group’ is infiltrating Ukrainian news reports with phony surrender orders, bot-hunter claims
Hackers depict surrendering Ukrainians – Meta

A ‘threat group’ dubbed Ghostwriter has been spreading phony videos of Ukrainians surrendering and planting fake reports of such capitulations into the chyrons of broadcast news, according to the first quarterly “adversarial threat report” from social media behemoth Meta, published on Thursday.

The Ghostwriter hackers “suddenly” started posting in Polish and English about Ukrainian troops surrendering without a fight and the nation’s leaders fleeing the country the day Russia started its offensive in Ukraine, according to the report, written by NATO-backed security ‘expert’ Ben Nimmo. The report attempts to link the Ghostwriter hackers to the Belarusian KGB based on a claim made by fellow hacker-hunters Mandiant Threat Intelligence, which admitted its own assessment was largely based on the hackers’ interests overlapping with those of the Belarusian government.

It’s not clear whether the report’s authors believe that the hackers – government-sponsored or otherwise – actually led anyone to believe the Ukrainians were surrendering on the first day of the war. As the New York Times has admitted, such reports were “not fooling anyone,” suggesting the aim was “to erode confidence in Ukrainian media outlets and institutions.

Some trust does seem to have been eroded, though as much in Meta’s attribution efforts as in the Ukrainian media. Despite Nimmo’s claims that the Ghostwriter hackers were Belarusian in origin, the Ukrainian experts cited by the Times were certain Russia was to blame. The Meta report focused more on its victory over the group’s efforts to spread the dubious videos via the Facebook accounts of Ukrainian military personnel. While Meta couldn’t stop users from clicking on dubious links in their email, it was apparently somewhat successful at “blocking” the videos hackers had posted from being shared.

The report boasted Meta had removed a “network in Russia” for allegedly abusing the site’s reporting tools in order to “repeatedly report people in Ukraine and in Russia for fictitious policy violations … in an attempt to silence them.” This sounds similar to a tactic Meta users on the other side of the political divide have long accused the platforms’ blue-check “establishment” of using against them. However, not a single such case is cited in the report. It also mentions multiple accounts removed for nothing more than sharing pro-Russian commentary from the Caucasus and Ukraine, admitting that those responsible are merely “politically-aligned non-state actors.

Meta and its Facebook and Instagram subsidiaries were designated extremist organizations by the Russian government last month after they officially condoned hate speech against Russians amid the conflict in Ukraine and ignored thousands of demands to remove illegal content. While the social media giant later insisted it was only permitting abusive content directed at the “invading Russians” and President Vladimir Putin, it later slow-walked a “correction." 

Nimmo shot to unlikely international prominence in the aftermath of the 2016 US election when several social media users he insisted were Russian bots went on television to prove him wrong. Despite this embarrassment, he has been embraced by groups like the NATO-backed pro-war think tank the Atlantic Council and was hired by Facebook last year to “lead global threat intelligence strategy against influence operations” – something he likely gained insight into from his stint with the covert UK influence operation Integrity Initiative.