Read the 200,000 Russian Troll tweets Twitter deleted

By Lisa Vaas

Twitter announced last month that it would email notifications to 677,775 users in the US: that’s how many people it says followed one of the accounts created by the Russian government-linked propaganda factory known as the Internet Research Agency (IRA).

Less than two weeks later, Twitter announced that the number had more than doubled.

The number included those of us who retweeted or liked a tweet from Russian accounts during the 2016 US presidential election. The accounts had already been suspended, Twitter said, meaning that the relevant content is no longer publicly available on the platform.

But it is, in fact, available somewhere: Last week, NBC News published 200,000 Russian troll tweets that Twitter had deleted.

NBC News says that the accounts worked in concert as part of large networks that posted hundreds of thousands of inflammatory tweets, “from fictitious tales of Democrats practicing witchcraft to hardline posts from users masquerading as Black Lives Matter activists.”

The US intelligence community has determined that the IRA is part of a Russian state-run effort to influence the 2016 election, and all signs are pointing to the organization gearing up to do the same to the November mid-term elections.

Director of National Intelligence Dan Coats told the Senate Intelligence Committee last Tuesday that the US is “under attack,” adding that Russia is attempting to “degrade our democratic values and weaken our alliances.”

Coats said that Russian President Vladimir Putin considers Russia’s interference in the 2016 presidential elections a success and that he’s targeting the midterms:

There should be no doubt that [Putin] views the past effort as successful and views the 2018 US midterm elections as a potential target for Russian influence operations.

Twitter trolls and their seeds of discord are great tools for the Russians, Coats said: they’re cheap, low-risk and effective:

The Russians utilize this tool because it’s relatively cheap, it’s low risk, it offers what they perceive as plausible deniability and it’s proven to be effective at sowing division. We expect Russia to continue using propaganda, social media, false flag personas, sympathetic spokesmen, and other means of influence to try to build on its wide range of operations and exacerbate social and political fissures in the United States.

Twitter handed over to Congress a list of 3,814 IRA-connected account names and, as is its practice, has since suspended those accounts. That means deletion of the accounts’ tweets from public view, both on Twitter and from third parties. Unfortunately, erasing the evidence of foreign election meddling isn’t helpful for the investigation into that meddling – an investigation that resulted in a federal indictment on Friday, accusing 13 Russians and three Russian companies of conducting a criminal and espionage conspiracy using social media to interfere in the election.

Read more at https://nakedsecurity.sophos.com/2018/02/21/read-the-200000-russian-troll-tweets-twitter-deleted/

Facebook to verify election ad buyers by snail mail

By Lisa Vaas

Facebook’s come up with a way to avoid being used by the Russians like a tinker toy in the upcoming US mid-term elections: snail mailed postcards.

Katie Harbath, Facebook’s global director of policy programs, described the plan to verify political ad buyers at a conference held by the National Association of Secretaries of State over the weekend. She didn’t say when the program would start, but she did tell Reuters that it would be before the congressional midterms in November.

The unveiling of the plan, which is meant to verify ad buyers and their locations, came a day after Robert S. Mueller III filed an indictment describing a Russian conspiracy to interfere in the 2016 US presidential election. It alleges that 13 Russians and three Russian companies conducted a criminal and espionage conspiracy using social media to pump up Donald Trump and to vilify Hillary Clinton.

Lawmakers, security experts and election integrity watchdog groups have been dissecting the social network’s failure to detect Russia’s use of Facebook and other social media platforms, including Twitter and Google, and its sluggishness in dealing with its fake news problem.

Facebook isn’t the only media outlet to turn to nice, flat, analog paper to try to keep Russians from meddling in the 2018 election.

Read more at https://nakedsecurity.sophos.com/2018/02/20/facebook-to-verify-election-ad-buyers-by-snail-mail/

Apple fixes that “1 character to crash your Mac and iPhone” bug

By Paul Ducklin

Apple has pushed out an emergency update for all its operating systems and devices, including TVs, watches, tablets, phones and Macs.

The fix patches a widely-publicized vulnerability known officially as CVE-2018-4124, and unofficially as “one character to crash your iPhone”, or “the Telugu bug”.

Telugu is a widely-spoken Indian language with a writing style that is good news for humans, but surprisingly tricky for computers.

This font-rendering complexity seems to have been too much for iOS and macOS, which could be brought to their knees trying to process a Telugu character formed by combining four elements of the Telugu writing system.

In English, individual sounds or syllables are represented by a variable number of letters strung together one after the other, as in the word expeditious.

That’s hard for learners to master, because written words in English don’t divide themselves visually into pronunciation units, and don’t provide any hints as to how the spoken word actually sounds. (You just have to know, somehow, that in this word, –ti– comes out as shh and not as tea.)

But computers can store and reproduce English words really easily, because there are only 26 symbols (if you ignore lower-case letters, the hyphen and that annoying little dingle berry thing called the apostrophe that our written language could so easily do without).

Read more at https://nakedsecurity.sophos.com/2018/02/20/apple-fixes-that-1-character-to-crash-your-mac-and-iphone-bug/