
Apps like Twitter, WhatsApp, and Telegram are being compromised by bad actors in order to spread fake news.
Photo by BigTunaOnline / Shutterstock
After public outcry, and even Congressional investigation, of how the spread of fake news influenced the 2016 election, you’d think that the poison of false news has more or less been excised. But you’d be wrong.
Although social media platforms have cracked down a great deal and deleted anywhere from dozens to hundreds—or even thousands—of accounts that were nothing more than bots designed to disseminate propaganda, that just means fake news producers have gotten more sophisticated in their methods.
According to Axios, people are getting more savvy about looking for news spread by fake domains (such as the infamous abc.com.go). However, politicians and political groups are still creating partisan sites that seem to be independent. Although the primary culprits used to be Republican or Republican-leaning, Democrats are guilty of doing the same thing.
Platforms have also cracked down on “cloaking,” a tactic that gets people to click on videos or other shares by misleading them about their content. So, what’s a bad actor to do when they want to make fake news go viral? “Language and behaviors are becoming a lot more sophisticated and human-like to avoid detection,” Padraic Ryan, a senior journalist at social media intelligence company Storyful, told Axios.
Civics Lesson: What Is a Botnet?
Botnets were used to spread fake news across social media platforms during the 2016 election. The word “botnet” is a portmanteau of “robot” and “net.” A botnet is a number of internet-connected devices (including computers, cell phones, Internet of Things devices, and even “smart” devices like your voice search-enabled speaker) that have been compromised by malware. The owner of the botnet in the compromised devices can control the botnet and make it do anything from spreading fake news to conducting distributed denial of service (DDoS) attacks that can bring entire websites down.
How do you keep your devices from becoming part of a botnet? Keep your anti-virus and anti-malware software up to date and make sure it’s always turned on. Don’t click links in emails, even if those emails purport to be from someone you know. Don’t visit websites you’re not familiar with. In essence, think before you click.
Photo credit: Shutterstock
Basically, these days it’s all about avoiding detection. Although fake accounts and botnets are still being used, but with platforms prioritizing the removal of fake accounts, bad actors are now trying to hijack real accounts to avoid detection. They’re also using social scheduling apps like Tweetdeck to schedule pre-written posts, thus imitating the posting behaviors of real humans.
“The new trend is bad actors taking advantage of existing polarization to manipulate groups of real people, as opposed to creating or pretending to be groups of people,” said Renée DiResta of Data for Democracy and Mozilla. Basically, bad actors are using these hijacked accounts to “target real people that have already mobilized into partisan groups on social networks or messaging.”
Malware attacks against everyday social media users, both on platforms and on messaging apps like Facebook Messenger or WhatsApp, are also increasing in frequency. But, as Axios says, smaller one-to-one communication platforms such as Twitter direct messaging and Telegram are also being used as weapons.
Another method being used to spread fake news—and this one is particularly alarming—is what experts are referring to as “deepfakes,” altered photos or videos. Technology has become sophisticated enough that publicly available software makes it easy for bad actors to swap one person’s face onto another person’s body, or to make it look like someone is saying something they didn’t. Many platforms are investing in technologies designed to expose deepfakes, but some have been so sophisticated they even fool some journalists.
And even botnets are getting more sophisticated. Tools such as BotMasterLabs and ZennoStore are being used to manipulation at the level of blog comments, forum posts, blogs, and bulletin boards. These tools are being programmed to post on specific forums on different topics.
Although social platforms have taken more action to get rid of financial incentives for creating fake news, much of the work done by bad actors through the last election cycle has laid the foundation for even more sophisticated attacks. “[B]ad actors are taking advantage of [people’s lack of security measures], as well as the further susceptibility of people who have been exposed to fake news before,” said Tony Lauro, manager of cybersecurity architecture at Akamai Technologies.
What should you do to prevent being suckered by fake news? Stay on your toes, use basic security principles such as not clicking links you’re not familiar with, and use the CRAAP test on everything you see on social media—even, and perhaps especially, the things you agree with.