Troll vs Russian Hypothesis for the Facebook MeToo Group Hack

Recently, a central Me Too Facebook Group was deleted by Facebook after it had been overrun with fake accounts intent on harassing its users. This was covered in a recent Wired article, but so far it has not received much media attention, only the blurb summaries that complex articles like this sometimes receive in the video media stream.

This article, which is necessarily conjecture, will start off from where that article ends, so it will not make any sense at all unless you have read it.

Beyond what that article says, here are some trivially true issues regarding the hack that are troubling.

First, allowing all of those harassing profiles into the group at that scale is something that only a group administrator can do. The story that has been heard is that “suddenly” there was a new group administrator and then “suddenly” the harassing profiles came into play. But there are only a few ways that a new administrator could have come about.

  • One of the original administrator accounts could have been a fake account, and the whole thing could have been a honeypot.
  • One of the original, legitimate administrators could have been targeted for hacking, and then, once the account had been hacked, the reins for the group were handed over to the new malicious admin.

Either way, what happened next was obviously intended to destroy the group’s internal cohesion and trust. Not literally the Facebook group’s trust, but the actual MeToo movement’s trust. Once a Facebook group’s size reaches some critical mass (I know of no reliable way of measuring when this has happened, but for very large Facebook Groups, it is obvious that it has), the group’s influence on the larger community that it is seeking to connect becomes “girder like”, and actually hinders the creation of other forms of group organizing. People start saying things like “we do not need to do an in-person conference, just post this question to the Facebook group”, etc. The administrators and moderators of the group frequently become more influential in the community than the leaders of the non-profits that work in the space. This effect is very common in the patient communities that I pay attention to on Facebook.

My hypothesis (not in any way original, just the opinion of others that I find convincing) is that this happened in a meticulously timed manner to destabilize the next election. I do not know if this was done by Russians, or merely by American right-wing trolls. From now on I will call the attackers “Trolls”, but there is good reason to assume that the attackers were Russian, based on the previous behavior of the Russian cyber attacks, and law enforcement’s assurances that the Russian attacks are again active. The last reason to suspect that it was Russians, rather than less-organized Internet Trolls, is the timing, which I will get into in a moment.

For attacks like this, one must assume “impact as the intention”. The attack was successful, and the attackers were in a position to do anything they wanted. They had other options. They could have taken a “low and slow” approach and simply slurped up the community’s data for the next decade. This is a common strategy for “Advanced Persistent Threat” attackers. But the attackers did not choose to do that. Instead, they took actions that would ensure that the group was destroyed, either by an exodus of its members, or (which is what actually happened) by Facebook pulling the plug. So why did they “blow things up” in this way?

I suspect that this happened in order to damage the MeToo community’s ability to organize politically. Plans for political activism are coming together right now. This is when organizations are planning their marches and their community meetings and their get-out-the-vote strategies for the November 2018 elections. These are the elections that will be subject to “the Blue Wave” of frustration with President Trump. The Me Too movement would presumably be at the center of such a movement, and now that community has been attacked in a way that will make it more difficult to organize effectively.

The underlying goal of the Russian hacking, as distinct from hackers that are US citizens in the Far-Right, is not primarily to have one candidate or party win over another, but to keep the population divided and polarized. The idea is just to sow chaos, while a hacker with a motivation just to win might take very different strategies.

Doing this now means that they have destabilized a group in a way that will ensure that their ability to organize in the next election will be damaged. This could happen in one of two ways.

  • A. They will not be able to organize effectively at all, and the impact of the community will be substantially less, or
  • B. They will reorganize with profound trust issues and seething anger at having been attacked, and ensure further polarization in the political process.

Both of these outcomes would be excellent for Russian attackers, who are not so much interested in having Trump allies “win” as in having increasing and mounting tensions accelerate.

Much of what I am doing is a somewhat sloppy attempt to apply ideas about modeling the motivations of attackers that I have learned about from Josh Corman’s excellent work on the subject, work that you can find through I Am The Cavalry or Cognitive Dissidents.

But the secondary problem here is Facebook’s reaction to this. I cannot find any information from Facebook on who the attackers might have been, or how the accounts in question came to control the Group. So people like me are forced to use guesswork to figure out what happened and what it means. Was this attack originating in Russia? Facebook actually has evidence that would help address that issue. And that is an important question for the Me Too community to ask as it decides what to do next.

My frustration with this set of circumstances is that it continues to add evidence that Facebook wants to be perceived as a “safe place” while not taking the steps needed to ensure that the actual space is protected. The attack on the MeToo group had specific elements that Andrea and I had proposed to be corrected in regards to the Facebook Groups security design. Super frustrating to see people being hurt, even as the warnings that we gave continue to be ignored.