Advertisement

Meta exec details how hackers spread 'false narratives' about Russia

24
Daniel Howley
·Technology Editor
·4 min read

Facebook parent Meta (FB) is warning Ukrainian users that a Russia-linked hacking group is trying to take over user high-profile accounts to spread disinformation about Russia’s invasion.

According to Nathaniel Gleicher, head of security policy at Meta, a Belarus-based group, known as Ghostwriter, is trying to compromise high-profile Ukrainians’ user accounts to sow discord among the local population amid Russia’s physical attack.

“They were targeting and taking over, or attempting to take over, the accounts of prominent individuals in Ukraine. Think about journalists, military personnel, and prominent figures like politicians,” Gleicher told Yahoo Finance. “First, they would compromise [users’] devices and email and then use them to hack all of their social media accounts to try to spread false narratives and disinformation.”

Generally, members of the hacking group are spreading narratives that criticize Russia’s detractors and line up with Russia’s perspective that the invasion is an attempt to “de-Nazify” Ukraine.

ADVERTISEMENT

Ghostwriter isn’t new to international cyberwar. According to cybersecurity firm Mandiant, the group has previously tried to disrupt elections in Poland and Germany in 2021 via disinformation and hacking campaigns. Now it’s set its sights on Ukraine, a former member of the Soviet Union that has drawn Russian President Vladimir Putin’s ire as it continues to pivot toward the West and seeks to join NATO. And it will employ a variety of tactics to reach Ukrainians.

“One really important takeaway for everyone is Ghostwriter, and similar threat actors, often don't just target social media accounts,” Gleicher said. “They begin by targeting people's devices, targeting people's personal email. Once they can take over that account they use that basically as a keystone to get to all their other accounts.”

The group accesses email accounts using phishing emails to trick people into handing over their usernames and passwords. From there, the group will use victims’ accounts to sign into their social media accounts and spread disinformation indicating the Ukrainian troops are surrendering or losing to Russia.

This isn’t specifically a Meta problem, even though the Facebook parent has been open about the threat. Ghostwriter is seeking to take over any accounts where they can spread Russian propaganda. They’ve also previously worked to spread disinformation around elections throughout Europe including in Lithuania and Latvia, and created false government websites.

Without access to users’ accounts, however, Ghostwriter’s disinformation campaigns fall flat. To that end, Gleicher says users should take basic security steps to protect themselves, regardless of what social networks they use.

“Everyone should use strong passwords and should use a password manager,” he said. “There's some steps like this that we can all take that make the work of groups like Ghostwriter much more difficult and help contain the threat.”

Other ways to keep safe online include setting up multi-factor authentication on email and social media accounts, which make it more difficult for hackers to steal user accounts.

It’s also important to recognize phishing emails when you see them. Emails asking you to click links or download attachments should raise a red flag as possibly originating from hackers.

Russian President Vladimir Putin speaks about putting nuclear deterrence forces on high alert, in this still image obtained from a video, in Moscow, Russia, February 27, 2022. Russian Pool/Reuters TV via REUTERS ATTENTION EDITORS - THIS IMAGE WAS PROVIDED BY A THIRD PARTY
Russian President Vladimir Putin speaks about putting nuclear deterrence forces on high alert, in this still image obtained from a video, in Moscow, Russia, February 27, 2022. Russian Pool/Reuters TV via REUTERS. (POOL New / reuters)

As for disinformation, Gleicher says users need to slow down when reading content online. Politicians and regulators both in Europe and here in the U.S. have criticized Meta for not going far enough to tamp down on disinformation, and argue that the company should remove it from its platform entirely.

Still, Meta does try to warn users about disinformation. “We put labels on content when third-party fact checkers determine that it's false, so people can see what the context is around claims that are being made,” he explained.

Russia has responded to Meta labeling disinformation from state-run media outlets by limiting Russian citizens’ access to the company’s social networks.

Meta isn’t the only company weathering fallout from Russia’s invasion. Microsoft has announced that it’s working with Ukraine, the European Union, NATO, the U.S., and U.N. to help detect cyberattacks against Ukraine and other countries, while Google has cut Russian media outlets off from YouTube.

Hackers are almost one step ahead of the experts, though. Even if Meta successfully tamps down on Ghostwriter’s disinformation, it will be tough for the social media giant to stop the next hackers before they have a chance to spread their first lie.

Sign up for Yahoo Finance Tech newsletter

More from Dan

Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, LinkedIn, YouTube, and reddit

Got a tip? Email Daniel Howley at dhowley@yahoofinance.com. Follow him on Twitter at @DanielHowley.