Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Pro-Brexit Twitter Manipulation Continues

The UK is in a momentous political week. Three separate parliamentary votes will decide the future of the UK and the EU for many years to come. They will decide between a hard Brexit (no deals, just leave), a delayed Brexit, and possibly no Brexit. Unusually in British politics, members of parliament have been very conscious of their electorate’s opinion rather than just ‘the party line’. In the run up t`o these three votes, public opinion still matters. 

The UK is in a momentous political week. Three separate parliamentary votes will decide the future of the UK and the EU for many years to come. They will decide between a hard Brexit (no deals, just leave), a delayed Brexit, and possibly no Brexit. Unusually in British politics, members of parliament have been very conscious of their electorate’s opinion rather than just ‘the party line’. In the run up t`o these three votes, public opinion still matters. 

Numerous reports and studies have indicated that Russia’s Internet Research Agency (IRA) used its Twitter capabilities to sway public opinion before the original exit referendum in 2016 — just as it tried to influence the 2016 U.S. presidential election. Most people will have assumed that such foreign interference in British Brexit opinion would have ceased in 2016. This isn’t the case.

New research from F-Secure, which analyzed 24 million Brexit-related tweets between December 4, 2018 and February 13, 2019, has discovered continuing efforts to amplify pro-Brexit sentiment coming from far-right groups both within and outside of the UK. While there is evidence that both ‘leave’ and ‘remain’ arguments are being manipulated, the activity is far more prominent on the leave side.

“The activity we found happening on the ‘leave’ side of the Brexit conversation was quite different from the more organic appearance seen in the ‘remain’ conversation. And inorganic activity, in relation to political movements and events, can sometimes be indicative of astroturfing or the spread of disinformation,” said Andy Patel, a senior researcher with F-Secure’s Artificial Intelligence Center of Excellence. “At the very least, our research shows there’s a global effort amongst the far-right to amplify the ‘leave’ side of the debate.”

The interesting feature of this research is that it does not directly tie back to the IRA. Rather it ties to far-right groups around the world (who may or may not, of course, have their own ties to Russia). For example, on December 11, the researchers noticed that the #franceprotests hashtag was appearing inside the Brexit data. Following interactions from one particular tweet, they discovered a number of accounts actively sharing tweets related to the yellow vest movement (#yellowvest, #yellowjackets, #giletsjaunes), and to US right-wing topics (#MAGA, #qanon, #wwg1wga).

“This suggested support for the hashtag was coming outside of France and from both sides of the Atlantic,” comments F-Secure’s Jason Sattler in a related blog.

Just over a week later, the researchers detected what they call a pro-leave flare. Accounts that had been relatively quiet suddenly became very active. The flare centered around just a few tweets, but was supported by about 5,800 separate accounts — including accounts popular among the U.S. right wing with hundreds of thousands of followers. It occurred on the very day that Work and Pensions Secretary Amber Rudd suggested that a second exit referendum could be possible.

The research methodology was to use the standard Twitter API and the python language to gauge how often users were tweeting or sharing tweets, along with the influence of individual tweets measured in retweets. The researchers also measured word counts, hashtags and URLs in the related tweets. While this methodology could find relationships, bubbles and flares, it is not able to provide underlying account attributions.

Advertisement. Scroll to continue reading.

“It is possible that activity from the Internet Research Agency, or secret campaigns paid for by wealthy Brexiteers (or their friends across the pond) is present in the data we collected and analyzed,” Patel told SecurityWeek. “Unfortunately, we donít have access to the type of metadata that would be required to make such attributions. Our gut feeling is that many of the accounts detailed in the report likely belong to real people participating in right-wing Twitter bubbles.”

Twitter bubbles tend to behave non-organically — that is, rather like fake accounts even if they are not. “Hence,” continued Patel, “separating real accounts from fake accounts is extremely difficult. These Twitter bubbles exist to support different ideologies: MAGA, pro-leave, Marine LePen, AfD, anti-immigration, anti-muslim, white-identitarian, etc. Overlap exists between these groups, and at that intersection, participants”

What this research seems to suggest is that loosely-allied social movements can emerge organically on Twitter and then behave in an inorganic manner to sway public opinion. The content can be real or fake, true or hyperbole — but remains manipulative. F-Secure believes it leaves Twitter with a choice.

“Given how crucial the site is to debates and elections that may be settled by just a few percentage points or the interpretations of a rapid response team weighing a dashboard,” conclude the researchers, “Twitter seems to have a choice. The site can apply its resources to reducing this suspicious activity on its own terms or it can assume the governments that can make such demand are likely to crumble before any regulation can take place.”

Related: Should Social Media be Considered Part of Critical Infrastructure? 

Related: Researchers Find Thousands of Twitter Amplification Bots in Just One Day 

Related: New Twitter Rules Target Fake Accounts, Hackers 

Related: UK Cyber Security Chief Blames Russia for Hacker Attacks 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.