Facebook takes down 400-account network amplifying content on PH DDoS attacks

0
211

Apr 7, 2022, Gelo Gonzales, Rappler.com

‘The people behind this activity claim to be hacktivists that relied primarily on authentic and duplicate accounts to host and amplify content about distributed denial of service or DDoS attacks,’ Meta says

MANILA, Philippines – Facebook owner Meta on Thursday, April 7, announced it had taken down a network of 400 accounts, pages and groups that have “claimed credit for bringing down websites and defacing them, including news entities’ websites.” 

The “coordinated violative network” had worked together “to systematically violate multiple policies on our platforms against coordinated harm, bullying or harassment, hate speech, misinformation, and incitement to violence.” 

David Agranovich, director of threat disruption at Meta, explained, “The people behind this activity claim to be hacktivists that relied primarily on authentic and duplicate accounts to host and amplify content about distributed denial of service or DDoS attacks, account recovery, and defacement or compromising websites in the Philippines. Notably, they also offered cybersecurity services to protect websites from the very types of attacks they claim to perpetrate.” 

The takedown is the result of a new policy launched last year by Facebook that aimed to crack down on harmful real networks made up of coordinated accounts by real person. It is an extension of their older policy on coordinated inauthentic behavior which primarily makes use of networks of fake accounts. The policy takes aim at “tightly organized groups trying to amplify the harmful behavior of its members, and repeatedly violate our content policies,” said Agranovich. 

As with Facebook’s policy on coordinated inauthentic behavior, Agravonich emphasized that when they do these investigations on potentially harmful coordinated networks, they focus on the behaviors of the accounts in the network, and not the content.

“It’s not because of what they’re saying, who they’re supporting or who they’re not supporting; it’s the way they are engaging on the platform,” Agranovich said.  

“What we realized was these types of networks – even if they don’t use fake accounts – can still do more harm because they are working together than any of them can do individually. And so the idea behind this enforcement was we saw a handful of groups and pages, as well as a large number of user accounts that were working together to do a few things, and one was to coordinate or claim credit for these DDoS attacks.” 

The accounts in the network were found to have been engaging in other violations of Facebook policies, including coordinating harassment, bullying, and misinformation and disinformation that could lead to harm off the platform, and violations of the platform’s cybersecurity policies against DDoS attacks.

“When we looked across this network of people working together, they were very frequently, consistently, violating many of those policies in working together to amplify their violating activities,” Agranovich said. 

Agranovich also noted the difficulty in pinpointing the motivations of such a network, but its promotion of cybersecurity services that would protect sites from the attacks they claim to perpetrate may point to, at the very least, a financial one.

Meta, in its online briefing announcing the takedown, did not specify any of the pages or accounts taken down.

Earlier on March 2, Rappler was able to receive confirmation from Meta that the page “Pinoy Vendetta,” which had been among the most active pages posting about DDoS attacks, had been taken down for “repeatedly violating our policies.” – Rappler.com