Twitter has clamped down on ‘state-backed’ information campaigns in the past year, but it appears that in its anti-government push, not all states may be created equal. Last week, it was reported that a part-time soldier in the UK army’s psychological warfare unit, the 77th Brigade, was also Twitter’s head of editorial for the Middle East.
How was this explosive information teased out? It was hiding in plain sight on Gordon MacMillan’s LinkedIn page, alongside a professed interest in “all things social media and digital”. (The affiliation has since been removed). A spokesperson from Twitter says that MacMillan’s role has been reviewed by the company’s compliance teams and is not currently in violation of the platform’s policies. However, his dual loyalties may surface some apprehensions that have been simmering for some time.
Since October 2018, Twitter has been announcing its discoveries of ‘state-backed’ information campaigns that attempt to exploit the platform in order to manipulate public opinion and spread propaganda. (Facebook and Google have been doing the same, with both companies being prompted by the discovery of Russian interference in the 2016 presidential election). Some of the countries allegedly responsible for these nefarious, mind-massaging stealth ops are the usual suspects – Russia, Iran, China, and latterly, Saudi Arabia and the UAE.
But other countries have escaped the roll-call of shame: the UK and US (or any member of the Five Eyes alliance also comprising Canada, New Zealand and Australia). This isn't because Five Eyes countries don't orchestrate information operations. We know they do, the UK government told us itself.
In 2015, the British Army announced the creation of the 77th Brigade, a psychological operations unit responsible for ‘non-lethal’ warfare that reportedly uses social media to “control the narrative”, as well as disseminating UK government-friendly podcasts and videos. At its creation, the unit announced 1,500 soldiers would take to Facebook and Twitter for this purpose.
“The Army see the 77th brigade as a good means of what we call ‘shaping the battlefield’ before you actually go in,” says Daniel Lomas, who leads a course on intelligence and security studies at the University of Salford. “It’s about getting people on your side – getting narratives out there that may get more of the local population on your side.”
Countries such as the US and Israel are known to orchestrate extensive psychological operations using social media, too. So, why are the platforms used by billions of people worldwide yet to discover and denounce these activities?
A study from Oxford University’s Computational Propaganda Research Project released last week found that 70 countries are involved in creating online disinformation campaigns, including the UK and the US. Although not a full record (given these operations are shrouded in secrecy), the report used available information and expert interviews to ascertain a measure of disinformation engaged in by nation states across the world.
Two UK government agencies were said to be involved in social media manipulation (for the US, it’s three). In addition to the 77th Brigade, GCHQ’s Joint Threat Research Intelligence Group (JTRIG) was heavily implicated in these types of activities in documents previously shared by Wikileaks. According to the Oxford study, these groups use bots, humans and cyborg accounts (real accounts supplemented by software) to achieve their aims. Some of the tactics engaged include showing support for a certain position, attacking the opposition, distracting and driving division.
Read more: Inside the British Army's secret information warfare machine
In practice, these operations are closely guarded secrets of the UK government and its allied countries. However, the NSA archive of documents released by whistleblower Edward Snowden in 2013 contained hints about what shape these information campaigns might take. The papers made clear that for the NSA and GCHQ, the internet is an immensely powerful tool of intelligence gathering and manipulation.
In July 2014, The Intercept published a leaked document detailing a collection of methods that JTRIG had developed to shape opinion on the internet, including manipulating the results of online polls, the ability to artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censoring video content judged to be “extremist.” In addition, the ability to plant false Facebook wall posts for “entire countries”. At the time, GCHQ told the publication it works in accordance with the law and is subject to "rigorous oversight".
Another paper prepared by GCHQ in 2010 to share at an annual Five Eyes conference discussed how to game platforms including Facebook and Twitter in order to covertly circulate propaganda. One line in the document stresses the tactic of “crafting messaging campaigns to go ‘viral’”.
Although not directly linked to seeding propaganda, to offer an idea of US and UK intelligence agencies’ attitudes towards leveraging the internet, slides from a JTRIG document list some of the ways these agencies exploit the web to discredit targets. Entitled “The Art of Deception: Training for Online Covert Operations”, these included "set up a honey trap", "change their photo on social networking sites", "write a blog purporting to be one of their victims" and "email their colleagues, neighbours, friends etc".
In the wake of these leaked documents, tech companies faced criticism for their level of cooperation with US intelligence and government agencies. For example, Wikileaks documents seem to indicate spy agencies’ apparent ability to monitor Skype calls in real time and in 2013, it was brought to light that Microsoft handed the NSA access to encrypted messages.
So what evidence do we have of UK information operations in action? It’s fairly scant, but there are some campaigns with alleged links to GCHQ. During the 2009 Iranian presidential election protests and the 2011 uprisings known as the Arab Spring, it was reported a GCHQ unit attempted to shape public opinion through social media. (In response, GCHQ said it did not comment on intelligence matters and follows "strict legal and policy framework").
Mustafa Al-Bassam, a security researcher at UCL, was a member of LulzSec aged 16, the hacktivist group that was targeted by GCHQ at this time. He says that during this period, GCHQ set up a free URL shortening service, lurl.me, that was used on Twitter and other platforms to spread pro-revolution messages in the Middle East. (A URL shortener codenamed DEADPOOL is listed in an NSA document.)
Search results for any lurl.me URLs being posted to Twitter show tweets claiming to link to app downloads and details of Iranian officials. A JTRIG document shared by The Intercept says the UK had a focus on Iran. Other Snowden documents have appeared to show cyberoperations from a GCHQ unit attempting to influence public opinion in Latin America around the Falklands war.
Read more: To fight fake news on WhatsApp, India is turning off the internet
But how are these campaigns orchestrated? Little information is available detailing the operations of Western countries. In 2011, the US army contracted a private company to develop software to create ‘sockpuppet’ accounts – numerous fake accounts that could be controlled by one person. The accounts were said to operate in Arabic, Farsi, Urdu and Pashto.
Some alleged Western information campaigns that have come to light more recently include those purportedly intended to ‘counter’ the information ops of other countries. The Integrity Initiative was a group that received substantial funding from the UK government, to apparently leverage several different methods of counteracting Russian-backed disinformation campaigns. However, shortly afterwards, the group began tweeting negative content about the Labour Party. Similarly, the US State Department announced it was allocating funds to fight online disinformation disseminated by Russian trolls. However, it turned out that the money was instead allocated to a campaign called the Iran Disinformation project which directed online harassment at American citizens.
The fact that any of these operations are yet to be highlighted by platforms such as Twitter and Facebook raises the question: are they really apolitical, like they claim to be? Many of the accounts purged seemed to be those at odds with the US’ geopolitical strategy. In recent months, many of Cuba’s main media channels were suspended, as well as the account of Nicolas Maduro, president of Venezuela, for instance (although this has since been reinstated). Twitter said the accounts has violated its policies. “The thing is, how does Twitter know whether this kind of activity is linked to a particular state?” says Marc Owen Jones, an independent Twitter researcher.
Attribution of cyberattacks is notoriously difficult. Both governments and cybersecurity firms are hesitant to pin the blame for attacks on individual nations or hacking groups unless they are confident about their origins. The same is true for disinformation efforts. Location data, time zones and even subtleties in language can provide clues, but often it’s difficult to be conclusive. “Even if they get a hold of an IP address, that will only tell you where the campaign is being operated from – not who’s paying,” says Jones.
In a blogpost, Twitter says that it uses open-source and proprietary tools to identify when "coordinated manipulation" is taking place. It also partners with governments, law enforcement, and "peer companies" to improve its "understanding of the actors involved in information operations". A Twitter spokesperson did not answer further request for comment.
“The only reason they’re doing this, it seems to me, is PR,” says Al-Bassam, pointing out the platform only started doing so after the US election scandal. In a blog post Twitter had said it committed to the US Congress it would provide regular updates to its "investigation into foreign interference in political conversations". The company added the initial disclosure was: "In line with our strong principles of transparency and with the goal of improving understanding of foreign influence and information campaigns".
However, people have pointed to the connection of big technology companies and the US government. “You’ve got to think that these are organisations with significant commercial and financial interests in the West,” says Lomas. “Attacking the government would potentially be problematic from that perspective.”
But any potential bias may also be connected to groups that help social networks investigate online disinformation. Facebook has engaged the Atlantic Council, whose board includes people like Henry Kissinger, Colin Powell, Condoleezza Rice, and several former or current heads of the CIA. The group has clear review policies on government funding and intellectual independence.
Twitter, meanwhile, to help decide what media is state-controlled has relied on input from Freedom House, a narrative management firm that is funded largely by the National Endowment for Democracy (NED), a body that is in turn directly funded by the US government, and was set up in 1983 to push regime change in foreign nations. FireEye, a cybersecurity firm relied on by Facebook to decide which accounts are inauthentic, was founded in 2004 and received early funding from the CIA’s venture capital arm, In-Q-Tel. The Atlantic Council, Freedom House and FireEye didn't respond to a request for comment by the time of publication.
Perhaps it’s unsurprising that Twitter and other platforms’ culls have dovetailed so neatly with the US and UK foreign policy agendas. After all, the vast majority of Western mainstream media also espouses this Western-centric ideology. But that hasn’t stopped some from speculating further.
Of course, it’s also possible that the sophistication of UK and US disinformation ops has rendered them less visible to these platforms. “The worst information campaigns are the ones we don’t find out about,” Lomas points out. “The whole point of misinformation is that you’re not seen – you’re manipulating something, but you’re not implicated in any way.”
Following publication of this story a Twitter spokesperson, after not answering earlier questions for this story, provided a statement. "The assertion we pick and choose what to disclose, or ignore specific countries, is pure conjecture and has no basis in fact," the spokesperson said. "When we have reasonable evidence of an information operation – regardless of the origin or intent – we make it public. Transparency in build into our DNA as a company."
Updated October 15, 2019 09:34BST: An extra Twitter statement has been added to this article
This article was originally published by WIRED UK
