A US Propaganda Operation Hit Russia and China With Memes

This week, former Twitter chief security officer Peiter “Mudge” Zatko filed an explosive whistleblower complaint against the company. The allegations, which Twitter contests, claim the social media firm has multiple security flaws that it hasn’t taken seriously. Zatko alleges Twitter put an Indian government agent on its payroll and failed to patch servers and company laptops. Among the claims, however, one stands out: the suggestion that Twitter engineers could access live software and had virtually untracked access to its system.

In a privacy win for students across the US, an Ohio judge has ruled that it is unconstitutional to scan students’ homes while they are taking remote tests. We also detailed the privacy flaw that is threatening US democracy—a lack of federal privacy protections means mass surveillance systems could be used against citizens in new ways.

Elsewhere, as Russia’s full-scale invasion of Ukraine passes six months, military forces are increasingly turning to open source data to back their efforts. Police in India are using facial recognition with very low accuracy rates—the technology is being widely used in Delhi but could be throwing up plenty of false positives. And we dived deeply (perhaps too deeply) into how four high school students hacked 500 of their schools’ cameras, across six locations, and rickrolled thousands of students and teachers. It’s one elaborate graduation prank.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

Since Russia-backed trolls flooded Facebook and Twitter with disinformation around the 2016 US elections, the social media firms have improved their ability to bust disinformation networks. The companies frequently take down propaganda accounts linked to authoritarian states, such as Iran, Russia, and China. But it’s rare that Western disinformation efforts are discovered and exposed. This week, the Stanford Internet Observatory and social media analysis firm Graphika detailed a five-year operation that was pushing pro-Western narratives. (The research follows Twitter, Facebook, and Instagram as they remove a series of accounts from their platforms for “coordinated inauthentic behavior.”)

The propaganda accounts used memes, fake news websites, online petitions, and various hashtags in an attempt to push pro-Western views and were linked to both overt and covert influence operations. The accounts, some of which appear to use AI-generated profile pictures, targeted internet users in Russia, China, and Iran, among other countries. The researchers say the accounts “heavily criticized” Russia following its full-scale invasion of Ukraine in February and also “promoted anti-extremism messaging.” Twitter said the activity it saw is likely to have originated in the US and the UK, while Meta said it was the US.

Many of the techniques used by the online influence operation appear to mimic those the Russia-backed accounts used in the buildup to the 2016 elections. It’s likely, however, that the Western influence operations weren’t that successful. “The vast majority of posts and tweets we reviewed received no more than a handful of likes or retweets, and only 19 percent of the covert assets we identified had more than 1,000 followers,” the researchers say.

In recent years, Charming Kitten, a hacking group linked to Iran, has been known for its “aggressive, targeted phishing campaigns.” These phishing efforts aim to gather the usernames and passwords of people’s online accounts. This week, Google’s Threat Analysis Group (TAG) detailed a new hacking tool Charming Kitten is using that’s capable of downloading people’s entire email inboxes. Dubbed Hyperscrape, the tool can steal people’s details from Gmail, Yahoo, and Microsoft Outlook. “The attacker runs Hyperscrape on their own machine to download victims’ inboxes using previously acquired credentials,” TAG says in a blog post. The tool can also open new emails, download their contents, and then mark them as unread, so as not to raise suspicions. So far, Google says it has seen the tool used against fewer than two dozen accounts belonging to people based in Iran.

Password management company LastPass says it has been hacked. “Two weeks ago, we detected some unusual activity within portions of the LastPass development environment,” the company wrote in a statement this week. LastPass says an “unauthorized party” was able to gain access to its development environment through a compromised developer account. While the hacker (or hackers) were within LastPass’s systems, they took some of its source code and “proprietary LastPass technical information,” the company says in its statement. It has not detailed which elements of its source code were taken, making it difficult to assess the seriousness of the breach. However, the company does say that customer passwords and data have not been accessed—there’s nothing LastPass users need to do in response to the hack. Despite this, the indictment is still likely to be a headache for the LastPass technical teams. (It’s not the first time LastPass has been targeted by hackers either.)

The chief communications officer of crypto exchange Binance claims scammers created a deepfake version of him and tricked people into attending business meetings on Zoom calls with his fake. In a blog post on the company’s website, Binance’s Patrick Hillmann said that several people had messaged him for his time. “It turns out that a sophisticated hacking team used previous news interviews and TV appearances over the years to create a ‘deepfake’ of me,” Hillmann wrote, adding that the alleged deepfake was “refined enough to fool several highly intelligent crypto community members.” Neither Hillmann nor Binance has posted any images showing the claimed deepfake. Since deepfakes first emerged in 2017, there have been relatively few incidents of faked video or audio scams impersonating people. (The vast majority of deepfakes have been used to create nonconsensual pornographic images). However, recent reports say deepfake scams are on the rise, and in March of last year the FBI warned that it anticipated a rise in malicious deepfakes within the next 12 to 18 months.