Analysis: Researchers identify campaign to manipulate online conversations about Taiwan elections – The Washington Post

 

Welcome to The Cybersecurity 202! Join us this afternoon for a Washington Post Live event I’m moderating on cloud security, would you please?


Below: The National Cyber Director nominee is confirmed to his post, and Apple plans to roll out a new iPhone security feature. First:

Swapped smiles and egg shortages: Researchers identify campaign to manipulate online conversations about Taiwan elections

Hundreds of fake social media accounts have been trying to influence online discussions about elections in Taiwan next month, according to research out this morning, deploying swapped smiles and emphasizing stories about egg shortages.

The Graphika report, which the Cybersecurity 202 is first to report, doesn’t name who’s behind the campaign, and most of the activity has since been removed by tech platforms. But the influence operation — which appeared to utilize accounts on Facebook, TikTok and YouTube — features Chinese-language memes and videos, displays clumsy Taiwanese language skills and favors the political party in Taiwan that is considered more pro-China while criticizing its main rival, the social media analytics firm said.

In the disinformation hotbed that is Taiwan, officials have been stepping up their warnings of Chinese interference in an election where the Taiwanese presidency is up for grabs. And Graphika warned broadly of more influence operations likely to come before the race concludes.

“We assess that attempts by foreign and domestic [influence operation] actors to manipulate the online political conversation in Taiwan will very likely increase ahead of the 2024 election,” its report states.

The roots

Graphika traced the origins of the campaign back to at least May 2022. As of last week, the company counted 800 Facebook profiles, 13 Facebook pages, one TikTok account and one YouTube channel as being involved in the operation, “most” of which has been removed. As for its reach?

“While some of the videos received tens of thousands of views on TikTok, the coordinated effort to amplify this content on Facebook does not appear to have generated significant engagement among authentic users,” Graphika analyst Libby Lange told me via email. “Some posts by the operation, however, have previously appeared in top search results on Facebook for terms related to the Taiwanese election, likely due to the actors repeatedly posting identical sets of hashtags.”

The persona at the center of the operation was a TikTok and YouTube account that went by “Agitate Taiwan.”

“Agitate Taiwan effectively acted as a content hub for the operation, posting multiple videos a day to TikTok and YouTube. A set of likely inauthentic accounts then distributed the videos on Facebook,” Graphika said.

“Based on open-source indicators, we were not able to assess whether Agitate Taiwan is an inauthentic persona operated by the same actors as the wider network or an authentic user whose content was repurposed by the operation,” the report states.

The report mentions that the account was removed from YouTube. The handle the TikTok account had used was still up as of this morning.

The themes of the campaign are consistently supportive of Taiwan’s KMT party, viewed within Taiwan as more supportive of China, and critical of Taiwan’s pro-independence DPP, according to Graphika. The DPP has held the presidency since 2016. For instance, the operation has emphasized stories about the egg shortage that has bedeviled the current administration. Overall it sought to criticize the DPP and its candidate Lai Ching-te — trying to tar them as corrupt, beyond pushing other storylines — and to highlight the ideas and achievements of the KMT candidate Hou Yu-ih.

Many of the tactics the campaign used are similar to those that often pop up in online influence operations, but with at least one standout, according to Graphika.

“One of the operation’s more innovative elements was its use of ‘stolen’ profile pictures of real people, that were then edited to alter their facial features,” Lange said. “We assess this was very likely an effort to obscure the image’s original source and mask the inauthentic nature of the accounts.”

For example, the campaign featured one image that researchers believed to be from a real Facebook account in 2018, only with a different smile superimposed on the person’s face.

What the others involved say

A TikTok spokesperson who requested anonymity to protect employee safety said it was investigating the account and that it doesn’t have evidence that the account was inauthentic, referencing Graphika’s note that it was unable to assess whether Agitate Taiwan was inauthentic or an authentic account repurposed for the campaign. The spokesperson noted its community guidelines do not permit spam, covert influence operations or misinformation about electoral processes.

TikTok is owned by its China-based parent company ByteDance. Some U.S. security officials and politicians have raised concerns about how the Chinese Communist Party might exercise influence over ByteDance, with TikTok’s ownership structure the subject of lengthy negotiations with the U.S. government.

FBI Director Christopher A. Wray said in August that TikTok could be a valuable tool for China should it invade Taiwan. TikTok leadership has denied any influence from the Chinese government and critics have provided no evidence of it.

YouTube concluded that Agitate Taiwan violated its policies. “Upon careful review of the channel, flagged in the Graphika report, we terminated the channel for violating our spam, deceptive practices and scams policy,” the company said. 

Meta said it appreciated Graphika’s work.

“We worked with researchers at Graphika to investigate this cross-internet activity which failed to build engagement among real people on our platform,” Ryan Daniels, a Meta spokesperson, told me via email. “We took it down and continue to monitor for any additional violations of our inauthentic behavior policy. We welcome research into deceptive campaigns like these as they rarely, if ever, target one single platform, and it takes a broader whole-of-society response to counter them.” 

The keys

National Cyber Director nominee confirmed to post

National Cyber Director nominee Harry Coker on Tuesday was confirmed to his post in a 59-40 Senate vote, closing a 10-month gap in which the White House Office of the National Cyber Director did not have a full-time leader to coordinate and plan cybersecurity across the government.

Coker succeeds Chris Inglis, who stepped down in February amid reported internal strife with deputy national security adviser Anne Neuberger. In the interim period before his confirmation, Kemba Walden headed the office as acting National Cyber Director. Walden stepped down in November and Drenan Dudley, the office’s strategy and budget deputy, temporarily filled in for her. The cybersecurity community scratched its head at why the White House ultimately passed over Walden for Coker’s new role, and Walden was told it was over her personal debts.

Positive reactions poured in from government-affiliated organizations and the private sector, praising Coker’s experience in the intelligence community and work with other entities. He has advised or has been a board member on a number of companies and was also a senior fellow at Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.

Sen. Angus King (I-Maine), who co-leads the Cyberspace Solarium Commission, said in a statement he was “relieved” to have a permanent leader in the office. “After meeting with Coker at length, I firmly believe that his experience — and the expertise and skill-set it imbued him with — makes him highly qualified for the position,” King said.

Coker in his role will continue to oversee the implementation of a large-scale cybersecurity strategy unveiled in March that aims to harmonize the U.S. government’s preparedness and coordination for cyber incidents. In testimony, he said that he would continue carrying out the work already started by office leadership.

Coker advanced out of the Senate Homeland Security Committee last month. All but one Republican on the panel voted against him. At least one Republican, Sen. Rick Scott (Fla.), contested the nomination because of concerns about whether the Biden administration would be using the office to help censor free speech.

When asked about social media censorship at his nomination hearing, Coker said that “with regards to ONCD, we do not have a role related to that.” He also said that “censorship is not an area that I personally believe in,” and that “I am an advocate for constitutionally protected speech.”

Russia, Ukraine exchange headline-making cyberattacks amid Zelensky visit to Washington

Russia and Ukraine have been targeting one another in a pair of high-profile hacking incidents reported over the past day.

Russian hackers hit Ukraine’s largest mobile network operator on Tuesday, as reported by our colleagues David L. Stern, Siobhán O’Grady, Missy Ryan and Kamila Hrabchuk. Meanwhile, Ukraine’s military service on Wednesday said it breached Russia’s federal tax service and wiped the group’s database and its backups, according to Bleeping Computer’s Sergiu Gatlan.

The exchanges come as Ukrainian President Volodymyr Zelensky visits Washington to plead for more military aid from Congress, and have underscored a mainstay cyber theme in the war between the two nations that broke out nearly two years ago when Russia invaded its neighbor.

The Russian cyberattack targeted Kyivstar, knocking out service to more than 24 million subscribers and severing connection from early-warning air raid systems in some parts of the country. Some banking machines were also shuttered in the incident.

“The hacking underscored the continuing threat to Ukraine’s statehood, as political infighting between Democrats and Republicans in Washington risks cutting off aid to Ukraine from its most important ally,” our colleagues write.

They later added: “Kyivstar said that the entirety of its network had been brought down. Users also found they could not switch to other carriers since the network’s roaming services were also disrupted, Ukrainian media reported.”

Meanwhile, Ukraine’s hack on the Russian Federal Taxation Service (FNS) “led to all compromised FTS servers being infected with malware, as well as the hacking of a Russian IT company that provides FNS with data center services,” Gatlan writes.

The attack is said to be severe and may hinder Russia’s tax system for a significant period of time, according to Ukraine’s Main Directorate of Intelligence (HUR).

“This is also the second time that Ukraine has officially claimed a cyberattack against Russia,” Gatlan wrote. The HUR said “it hacked Russia’s Federal Air Transport Agency (Rosaviatsia) last month, gaining access to classified data and leaking it online,” Gatlan wrote.

Apple to release new security setting aimed at preventing low-tech iPhone breaches

Apple is rolling out a new security setting in a coming software update that would prevent thieves from using a stolen iPhone passcode to pilfer other sensitive data on a person’s device, the Wall Street Journal’s Joanna Stern and Nicole Nguyen report.

The Stolen Device Security released for beta testers would direct a user’s iPhone to restrict access to certain settings and features if the device is found to be used at an unfamiliar location, according to the report.

Thieves can easily watch users type their passcodes into their phones over their shoulders before stealing their devices. Apple historically has not rolled out features to prevent such incidents from becoming catastrophic for victims, like having money or other data stolen, since an iPhone user’s passcode is often linked to sensitive data points.

The reporting centers on a relatively low-tech but still effective method of breaching and exfiltrating data from an iPhone, compared to multiple high-profile incidents from throughout the year that have centered on spyware tools being covertly installed onto iPhones to spy on journalists, politicians and dissidents. 

Government scan

The US government plans to go all-in on using AI. But it lacks a plan, says a government watchdog (CNN)

FBI to field SEC cyber incident disclosure delay requests (Cybersecurity Dive)

CISA, NSA issue guidance on securing open source software through development process (Inside Cybersecurity)

Hill happenings

Securing the ballot

Deepfakes for $24 a month — how AI is disrupting Bangladesh’s election (Financial Times)

A Democratic campaign deploys the first synthetic AI caller (Politico)

Industry report

How cybercriminals are using Wyoming shell companies for global hacks (Reuters)

Bitcoin ATM company Coin Cloud got hacked. Even its new owners don’t know how. (TechCrunch)

National security watch

The Navy bought ‘global’ surveillance data through adtech company owned by military contractor

The Discord Leaks, explained (Shane Harris and Samuel Oakford)

Portrait of a malicious loner-leaker (Spy Talk)

Global cyberspace

U.S. seizes crypto linked to Southeast Asian investment scam (Reuters)

UK government risking ‘catastrophic ransomware attack at any moment,’ parliamentary report warns (The Record)

Cyber insecurity

How holiday scammers could get help from AI (Axios)

Hackers stole about $1.7 billion this year from crypto projects (Bloomberg News)

Brazil’s first lady X account hacked, authorities open investigation (Reuters)

Daybook

Assistant Secretary for Terrorist Financing and Financial Crimes Elizabeth Rosenberg and Deputy Special Envoy to Iran Abram Paley testify to the House Financial Services Committee on Iran terror financing at 9 a.m.

Your newsletter host holds a discussion with Washington Post Live on cybersecurity in the cloud and AI era at noon.

Rep. Donald G. Davis (D-N.C.) and others discuss water supply cybersecurity with the Foundation for Defense of Democracies at 2 p.m.

The House Homeland Security Committee holds a hearing on allegations of censorship at the Homeland Security Department at 2 p.m.

The House Select Committee on the CCP holds a hearing on Chinese government overseas coercion tactics at 7 p.m.

Chat room

Robert Lee, co-founder and CEO of Dragos, joined DataTribe as a venture partner. He will remain as Dragos’s full-time CEO.

Secure log off

On this day in 1980, @Apple went public. The initial stock price was $22 per share ($0.10 if adjusted for the 5 stock splits that have happened since then).

— Today in Tech History (@DayTechHistory), December 12, 2023

Thanks for reading. See you tomorrow.