Fake users on social media are as common as spam and at least as dangerous as the Internet Research Agency’s (IRA) Russian-bought political ads — and they’re trying harder to obscure just who’s behind the posts. Facebook has now removed dozens of accounts for “coordinated inauthentic behavior,” including creating an event in Washington next week that had more than 3,000 real people responding to the event, the network shared on Tuesday, July 31. While Facebook says it doesn’t yet know who is behind those accounts, one of the Pages created a “No Unite The Right 2” event that gained the support of five real Pages as co-hosts.
Facebook removed 32 accounts associated in those coordinated efforts, including eight Pages, 17 profiles, and seven Instagram accounts. While a handful had fewer than 10 followers, the grouping had more than 290,000 followers, created 9,500 organic posts, and spent around $11,000 on advertising.
The most followed Pages included Aztlan Warriors, Black Elevation, Mindful Being and Resisters. Sample posts from the deleted Pages ranged from anti-Trump to posts supporting women’s rights. Those fake Pages were responsible for about 30 events, with the largest getting the attention of 4,700 accounts and 1,400 confirmed to attend.
An event slated for August 10 by the fake Resisters Page claimed to be a protest against a second Unite The Right rally. Last year, the white supremacist Unite the Right rally ended up sparking a riot that left one person dead. According to USA Today, the organizer behind that original rally, Jason Kessler, applied for a permit on the first anniversary of the event for Charlottesville, Virginia and Washington D.C. but was denied.
With the help of five real Pages, the “No Unite the Right 2 – DC” got 2,600 users to tap that “Interested” icon on the event, and 600 said they were going to the event.
Facebook says the Pages and profiles were even more adept at covering their tracks than the IRA — Facebook still isn’t quite sure who’s behind the coordinated fake Pages. The network said while some of the Pages were consistent with what the IRA tried, others used different methods. The inauthentic Pages, for example, paid third parties to take out ads for them and used virtual private networks or VPNs.
“Given these bad actors are now working harder to obscure their identities, we need to find every small mistake they make. It’s why we’re following up on thousands of leads, including information from law enforcement and lessons we learned from last year’s IRA investigation,” Facebook’s head of cybersecurity policy Nathaniel Gleicher wrote.
Besides removing the accounts, Facebook has already shared the information with law enforcement in the U.S. as well as other technology companies and the Atlantic Council Digital Forensic Research Lab, an organization helping Facebook analyze abuse.
Facebook says that “security is not something that’s ever done” — after the networks make security improvements, so do the bad actors attempting to gain an audience on the platform. “We face determined, well-funded adversaries who will never give up and are constantly changing tactics,” Facebook wrote. “It’s an arms race and we need to constantly improve too. It’s why we’re investing heavily in more people and better technology to prevent bad actors misusing Facebook — as well as working much more closely with law enforcement and other tech companies to better understand the threats we face.”
The company says that it will continue to update users if the investigation turns up additional — or different — details.