In Azerbaijan journalist gets 15 days in prison over a Facebook post

Anar Abdulla was sentenced to 15 days in prison over a Facebook post, according to OC Media reporting. But the charges pressed against the journalist accuse Abdulla of hooliganism and disobeying the police – the most common charges used against civic activists in Azerbaijan.

On September 14, Abdulla wrote a short post on his personal Facebook profile accusing the heads of administrative offices, of deceiving President Ilham Aliyev, while the people pay the price for it.

According to OC Media, the journalist was summoned to the police on October 5 for a “preventive conversation” however Abdulla was handcuffed and detained. The hearing that took place on October 6, where the journalist was sentenced to 15 days was closed to the local press. 

Speaking to OC Media, Abdulla’s lawyer, Zibeyda Sadigova, said, her client denied both charges. During the hearing, police alleged that the journalist disobeyed police orders and used profane language against the officers. Police pressed charges against the journalist as a result.  

In addition to hooliganism and disobeying police, politically motivated criminal charges used against civil society representatives include drug possession and illegal business activity. 

inauthentic pages target independent news platform – will Facebook take notice [part 3, the case of Azadliq Radio]

After The Guardian’s expose on Facebook overlooking trolling activity in Azerbaijan (and elsewhere) earlier this year, one would think that the platform would finally take notice and address how the platform is abused by trolls and the actors operating them. Instead, the loopholes remain and from the looks of it, the platform is doing little to address the use of Facebook Pages – at least in the case of Azerbaijan as pointed out here and here – to target independent media. The most recent example is this Facebook post, shared by Azerbaijan Service for Radio Liberty. The post, is a caricature by Gunduz Aghayev, addressing the rising cost of fuel in the country. Under the post, 549 comments to be exact claim all sorts of things – that the radio is biased, is lying, the economy is doing great, that the State Oil Company (SOCAR) knows exactly what it’s doing, etc. A closer look at the comments reveals that each belongs to a user operating a fake Facebook page. Earlier this month, AIW reported about Azerbaijan’s very own troll factory

Will Facebook take notice this time? 

Hacks and compromised accounts continue to target journalists and activists in Azerbaijan [updated September 13]

Account compromise, website hacks, DDoS attempts, phishing are just a handful of tactics used to target journalists, rights defenders, and activists in Azerbaijan. 

Here is a list of new cases: 

Earlier in July, Azerbaijan Internet Watch reported a phishing attack that targeted some of the civil society activists. Following a forensic investigation carried out in partnership with Qurium, it was possible to confirm that the email was indeed a virus. According to preliminary conclusions, “the e-mail included a link to malware, with the capability of webcam and Desktop recording, execution of windows commands (WMI) as well as extraction and uploading of selected files from the victim’s computer.

Then the civil society was targeted with another phishing, this time the sender pretended to be the National Endowment for Democracy inviting recipients of the email to apply for a Pegasus Grant. 

Preliminary forensic results indicated that the malware sent around in this email was similar to a phishing campaign from 2017, that was widely covered and reported by Amnesty International: 

The victims and targets identified, as well as the political theme of bait documents, indicate that the campaign is largely targeting human rights activists, journalists, and dissidents. This campaign also aligns with findings by VirtualRoad.org in their report, “News Media Websites Attacked from Governmental Infrastructure in Azerbaijan”, which links some of the same network address blocks with “break-in attempts” and “denial of service attacks” against several independent media websites

The malware that was observed is not sophisticated, and is in some manner extremely crude. However, combined with social engineering attempts and an unprepared public, these tactics can remain effective against many targets.

The same month, Azerbaijan Internet Watch received confirmation that the former political prisoner, Tofig Yagublu’s Facebook profile was subject to numerous hacking attempts. 

In early August, former leader of the opposition Musavat party, Isa Gambar reported that all of his social media accounts were compromised including his Facebook profile, Facebook page, and Instagram account. 

The hackers, who took hold of Gambar’s Facebook profile, changed settings, recovery emails, and an affiliated phone number, and have since then shared irrelevant posts. 

On August 27, the website for popular platform HamamTimes was hacked. The team behind the platform, reported all of its content removed, suspecting that the hackers used the site’s vulnerability as a result of weak security protocols in place. So far, HamamTimes, managed to restore all of the website’s archive of stories however its hosting remains vulnerable to new targeting. 

HamamTimes was targeted before as reported by Azerbaijan Internet Watch in a mass phishing attack. 

On September 4, editor of anews.az news website, Naila Balayeva, reported that her Facebook account was compromised. The hacker switched the email account and the phone number originally registered for the profile. Although Balayeva was able to restore access to her email and change the emails, according to the journalist, the hacker continues to use Facebook as the owner often deleting posts that are critical either of the police or the government institutions.  

Anews.az and Balayeva were targeted before. Last year, several Facebook pages affiliated with the website were hacked. 

While it was possible to provide assistance in some of the cases, the response from platforms like Facebook, especially in the case of Gambar has been slow and at times, comical. So far, twice, the platform requested new emails not associated with the platform or any of its apps and twice, Gambar sent proof of identity.  

[Update] On September 9, political activist Bakhtiyar Hajiyev was reportedly threatened by Baku Police Chief Alekper Ismayilov over a Facebook post, that Hajiyev wrote the same day. The post, Hajiyev wrote on Facebook was addressing the Ministry of the Interior, specifically the Minister of the Interior, Vilayat Eyvazov. The activist alleged the ministry was delaying a response to his complaint submitted 50 days ago over a street hooligan. 

[From Hajiyev’s post on Facebook published on September 9, 2021] Instead of investigating why my Ministry of the Interior cannot question street hooligan, who is refusing to speak to them, humiliating police officers who show up at [the hooligan’s] home, Vilayat Eyvazov is going after me for reminding [the Ministry] of my complaint and is threatening me with arrest, death and blackmailing.  

The activist told Turan News Agency that he was summoned to the police on September 9 where Baku Police Chief, Alekper Ismayilov allegedly told Hajiyev less he removes the Facebook post, the activist would face a greater punishment than arrest. 

On September 12, Gubad Ibadoglu, Azerbaijani academic, and an economist reported that his Facebook profile and page were compromised. In an interview with Turan News Agency, Ibadoglu said despite his attempts to strengthen the security of his accounts, they were compromised anyway. “I got a message this morning that my password was changed using my own computer. This means that the hackers of the Azerbaijani government, even in London,” Ibadoglu told Turan. The fact that he received a notification informing him that his computer was the device from which the passwords were changed, means the device was infected with a virus containing some form of keylogger. It won’t be the first time, this type of information extraction is used to target Azerbaijani civil society. 

[Update] In September, online news platform Toplum TV, reported it lost 16k followers on its Facebook page. 

Azerbaijan’s troll factory revealed

Ever since 2013 revelations about Russia’s troll factory, many in Azerbaijan wondered whether the country’s leadership too operated its very own troll factory. Unlike its Russian version, known as the Internet Research Agency, there was only anecdotal evidence of whether this was really the case in Azerbaijan. There were no former “factory” employees who came forward or undercover journalists who temporary worked there and exposed the work carried out later. Not until this month anyway. An investigation against the executive director of the State Media Support Fund Vugar Safarli now reveals that the suspicions were valid after all. And that upon specific instructions a group of “bloggers” were responsible for monitoring Facebook and leaving comments under posts that were critical of the government or relevant government institutions. 

The investigation is part of a criminal case launched against Vugar Safarli who until recently headed the State Fund for Media Development in Azerbaijan. Safarli was arrested in 2020 on charges of money laundering (allegedly 20million AZN) and abuse of authority.

On September 2, Azerbaijan Service for Radio Free Europe, Azadliq Radio published parts of the testimony by Safarli where the former government official implicates not only that the government did indeed deploy trolls but that several high ranking officials including then Presidential advisor Ali Hasanov and former head of the Presidential Administration Ramiz Mehdiyev were well aware of this. Moreover, the building from where trolls operated belonged to Hasanov himself. 

“Ali Hasanov told me that the new rented space, will have internet bloggers who will work from there. And indeed there were a few, who sat there, working unofficially,” Safarli reportedly said in his statement according to Azadliq Radio reporting. 

“We were especially paying a closer attention to Facebook. Each of us operated a large number of fake profiles, which we used to leave comments. These comments were planned ahead of time. We would receive them in the morning. And that’s why often these comments were similar to each other as they were posted from different profiles,” shared one of the former employees who spoke to Azadliq Radio on condition of anonymity.

But leaving comments en masse was not the only requirement. “The Presidential Administration would send us topics of the day that we had to research and prepare material on. Then those materials were posted on various pro-government media platforms and published on pro-government television,” explained anonymous blogger in an interview with Azerbaijan Service.

Over the years, authorities denied any involvement in mass trolling or deployment of troll armies including Ali Hasanov himself who was known among government critics as the “King of trolls.” He repeated this as he was exiting office in January 2020 in an interview with BBC Azerbaijan service: “There is no army of trolls in Azerbaijan. There is simply the public supporting the president.” 

That public supporting the president was also mentioned by current member of the parliament Zahid Oruc, who told Azadliq Radio in a phone interview that “the party does not see millions of citizens who defend the leader of the current government as trolls.” 

Oruc did not directly deny operation of troll armies in Azerbaijan. Instead he said, “the party considered it incorrect to present massive number of comments written on various platforms and coordinated from from one single location as a government policy.”

Previously the ruling part of New Azerbaijan denied operation of troll armies in Azerbaijan. Most recently the ruling party was exposed in a series of investigations released by The Guardian.   

A month prior to the release of The Guardian investigation Azerbaijan Internet Watch published this story exposing how some 500 inauthentic accounts on Facebook (almost all of them were set up as pages) targeted a Berlin-based online news platform Meydan TV and this story uncovering a similar pattern of targeting against another independent online news platform Mikroskop Media.

That the ruling government in Baku deployed trolls was not at all surprising. Surely, activists had their own suspicions for the years having relied on Internet and specifically the social media platform Facebook as the government silenced dissent offline. As the crackdown against Azerbaijan’s civil society intensified and culminated with the arrest of some of the high profile civil society activists in 2014 as well as targeting of independent news platforms, including Azadliq Radio, internet and specifically social media platforms became the remaining avenues for freedom of speech advocates who took to the platform to criticize the policies and decisions of the official Baku. Independent online news platforms, continue to rely on Facebook, Instagram, and YouTube to disseminate news as many of their websites are blocked for access in Azerbaijan.

Will Safarli’s exposure of the former government officials and their direct involvement in running a troll army change anything? Highly unlikely as the government of Azerbaijan survives on its greatest political tool – denialism.

religious activist pressed with drug charges over criticism of the government online

Razi Humbatov, a member of a religious movement “Muslim Unity” went missing on July 7. Two days later, his whereabouts were confirmed to Meydan TV, by a human rights organization “Defense Line” as well as Humbatov’s lawyer, Javad Javadov. According to the human rights organization spokesperson Rufat Safarov, and the lawyer, Humbatov was taken to the Ministry of Internal Affairs’ main department for Combating Organized Crime where he was charged with drug possession charges. 

Speaking to Meydan TV, Rufat Safarov from the “Defense Line” said, there were allegations of torture against the religious activist. 

Humbatov’s lawyer said he intends to file a number of complaints including violation of rights, and withholding of information on Humbatov’s whereabouts. 

The “Muslim Unity” said in a statement shared on Facebook that Humbatov is not a drug user, nor did he ever sell drugs. If anything, he actively engaged in anti-drug campaigns. The movement indicated that the real reason behind his detention is the critical posts of the government Humbatov often shared on his Facebook.

On July 8, Humbatov was sentenced to four months in pre-trial detention. In a hearing on July 14 at the Baku Court of Appeals, the judge ruled against Humbatov’s release. 

If convicted, Humbatov is facing up to 12 years in prison reported Meydan TV. 

A number of international watchdogs have reported about torture and prosecution of scores of “Muslim Unity” members, including the movement’s leader Tale Bagirzade who was sentenced to twenty years in 2017.

instagram user from Azerbaijan explicitly targets women online – will Facebook and Google take notice?

Violence and harassment against women in Azerbaijan have reached a new level when a user named [@] panturaloriginal mocked women and the way they choose to dress during a live feed via his Instagram account. While the video is no longer available on the user’s Instagram account Shafi Shafiyev, an activist from Azerbaijan shared one part of the video via his Twitter:

Here is a brief translation of what user panturaloriginal is saying in the video: “There are some women who encourage men to slap them from behind when they open their body parts. You just want to slap them. And if they turn around and ask why I would tell them ‘are you out of your mind?! You have left your body parts exposed and I am slapping them. Are you messing with me?!’ Why do you leave your parts exposed? If they are, then I will touch them. I enjoy it. You are playing with my natural instinct.  Do I have to walk around like a blind man [covering his eyes with his hands] because of you? Then dress properly. Cover your body parts. Why is it so important for you to show it? If you are showing it, then I will slap you. I enjoy it. It turns me on. This is how I have been made. It is a natural sensation. Why do I have to control myself?! You have left your body parts exposed, so I am going to slap it like that.”

On July 1, 2021, Facebook, Twitter, TikTok, and Google made commitments to tackle the abuse of women on their platforms as more than 200 women signed a letter calling for tech companies to “prioritize the safety of women.” 

Among their commitments announced at the UN Generation Equality Forum in Paris are: 

Build better ways for women to curate their safety online by:

  • Offering more granular settings (e.g. who can see, share, comment or reply to posts)
  • Using more simple and accessible language throughout the user experience
  • Providing easy navigation and access to safety tools
  • Reducing the burden on women by proactively reducing the amount of abuse they see

Implement improvements to reporting systems by:

  • Offering users the ability to track and manage their reports
  • Enabling greater capacity to address context and/or language
  • Providing more policy and product guidance when reporting abuse
  • Establish additional ways for women to access help and support during the reporting process

The user has two Instagram accounts [panturallive] and [panturaloriginal] and a youtube channel [pantural]. The account from which the live feed was done, has over 68k followers. Both Instagram accounts are now private. 

inauthentic pages target independent news platform – will Facebook take notice [part 2, the case of Mikroskop Media]

This month, a series of articles published by The Guardian newspaper revealed how leaders across the world, used Facebook loopholes to harass their critics at home. And how despite having information about these violations, the platform lets these cases sit sometimes for months on end if not more, instead choosing to deal with more high profile cases. “The investigation shows how Facebook has allowed major abuses of its platform in poor, small and non-western countries in order to prioritize addressing abuses that attract media attention or affect the US and other wealthy countries. The company acted quickly to address political manipulation affecting countries such as the US, Taiwan, South Korea, and Poland, while moving slowly or not at all on cases in Afghanistan, Iraq, Mongolia, Mexico and much of Latin America.”

The Guardian investigations show that Azerbaijan was on the list of neglected countries. If it wasn’t for Facebook’s former employee Sophie Zhang memo published in September of last year, those inauthentic pages that Facebook removed 14 months later (once the memo was out) likely would have stayed. 

But even though those pages have been reportedly removed, hundreds if not thousands more continue to target independent media in Azerbaijan. AIW covered the story of Meydan TV here and The Guardian uncovered a similar pattern of targeting in the case of Azad Soz. AIW now presents its findings on targeting Mikroskop Media, a Riga-based online news platform that covers Azerbaijan. 

Mikroskop Media shared with AIW the list of Facebook posts where the platform received a high volume of comments. The preliminary investigation indicates that the Facebook page of Mikroskop Media was also targeted by hundreds of inauthentic Facebook pages set up to look like personal accounts flooding the posts with comments supportive of the ruling government and its relevant decisions. 

On March 24, Mikroskop Media shared the following post on its Facebook page. The post looks at the total number of citizens who have received vaccination so far in Azerbaijan as well as the total number of vaccines on March 23. This post received over 1.6k comments. AIW looked at 550 comments and almost all of these comments were posted by owners of pages that posed as users on the platform. 

Another post investigated by AIW was one posted on March 11, indicating the total number of businesses who have applied to the authorities to launch their businesses in Karabakh. The post receives over 400 comments. Having analyzed 200 of them, AIW was again, discovered that all of them were pages. 

On April 5, Mikroskop Media shared a link to a story they published about this investigation that was first originally published by VICE on March 29, exposing how little known Berlin-based television channel was part of a “lobbying strategy to polish Azerbaijan’s image in Germany” thanks to large sums of money paid through bribery of certain politicians. The story shared by Mikroskop Media on its Facebook page received almost 400 comments. AIW analyzed these comments, and once again, with an exception of a few profiles (although these too were suspicious given the lack of any recent activity on their profiles) that almost all of the comments were posted by inauthentic Facebook pages. 

At other times, Mikroskop Media’s Facebook page was targeted by troll accounts. This was especially the case in this example – on November 12, 2020, Mikroskop Media shared an infographic, about the number of times, Azerbaijan’s national constitution was amended. Among the 385 comments that were analyzed, a relatively high number of these comments were posted by Facebook profiles. A closer look at these profiles showed while some of the owners were employees at the state universities and government institutions, some were not authentic accounts at all. The majority of the comments once again were in favor of these changes, expressed pride in the country and the president’s decisions as well as accused the media platform of bias and unfair reporting. 

AIW would be happy to assist Facebook’s threat intelligence team in investigating the “coordinated inauthentic behavior” that AIW has observed and has shared in its reporting so far, but the main question still lingers, will it take notice? 

Facebook looks the other way when it comes to Azerbaijan and others – The Guardian investigations show

Almost a month after AIW published this story about how some 500 inauthentic Facebook pages targeted Berlin-based independent online news platform Meydan TV, little has changed. While all of the pages that targeted Meydan TV remain active, someone else has taken notice. 

On April 13, The Guardian published this story explaining how Facebook allowed state-backed harassment campaigns, target independent news outlets, and opposition politicians on its platform.  

The story mentions the case of Azad Soz (Free Speech) and how the post shared on March 4 about two men sentenced to eight months received over 1.5k comments. It analyzes the top 300 comments and discovers that 294 out of 300 comments were inauthentic Facebook pages.  

Just like in the case of Meydan TV. 

The Guardian cites Sophie Zang’s work during her time at Facebook, working for the team tasked with “combating fake engagement, which includes likes, shares, and comments from inauthentic accounts.” During her research, Zhang uncovered “thousands of Facebook pages- profiles for businesses, organizations, and public figures – that had been set up to look like user accounts and were being used to inundate the Pages of Azerbaijan’s few independent news outlets and opposition politicians on a strict schedule: the comments were almost exclusively made on weekdays between 9am and 6pm, with an hour break at lunch,” writes The Guardian journalists Julia Carrie Wong and Luke Harding. 

Wong and Harding also mention the platform’s response mechanism. “The company’s vast workforce includes subject matter experts who specialize in understanding the political context in nations around the world, as well as policy staff who liaise with government officials. But Azerbaijan fell into a gap: neither the eastern European nor the Middle Eastern policy teams claimed responsibility for it, and no operations staff – either full-time or contract – spoke Azerbaijani.”

But the story of Facebook and Azerbaijan is not the only one that The Guardian identified loopholes with. “The Guardian has seen extensive internal documentation showing how Facebook handled more than 30 cases across 25 countries of politically manipulative behavior that was proactively detected by company staff. The investigation shows how Facebook has allowed major abuses of its platform in poor, small, and non-western countries in order to prioritize addressing abuses that attract media attention or affect the US and other wealthy countries. The company acted quickly to address political manipulation affecting countries such as the US, Taiwan, South Korea, and Poland, while moving slowly or not at all on cases in Afghanistan, Iraq, Mongolia, Mexico, and much of Latin America.”

Honduras 

The administration in Honduras relied on astroturfing to attack government critics. Sophie Zang discovered how Juan Orlando Hernandez – the authoritarian leader – “received hundreds of thousands of fake likes from more than a thousand inauthentic Facebook pages” that were set up to look like Facebook user accounts. Very similar to what happened in Azerbaijan, in the case of Azad Soz and Myedan TV. And just like it was in the case of Azerbaijan, in the case of Honduras, the platform took nearly a year to respond.

Russia 

During 2016 US election, Russia’s Internet Research Agency set up Facebook pages to “manipulate individuals and influence political debates” pretending to be Americans.

Facebook’s intervention was much faster in the case of Russia targeting US elections, likely the result of “Facebook’s prioirty system for protecting political discourse and elections,” wrote Wong, in another story in The Guardian.   

As a result of this kind of cherry picking, Facebook’s response mechanism worked faster in the Taiwan, India, Indonesia, Ukraine and Poland but not in countries where similar inauthentic behavior was spotted such as Azerbaijan, Mexico, Honduras, Paraguay, Argentina and others. The difference in response rate was as quick as 1 day in the case of Poland and as long as 426 days in the case of Azerbaijan. 

Many others were left uninvestigated at all. Among them, Tunisia, Mongolia, Bolivia, and Albania. 

Back in Azerbaijan, at the time of writing this post, pages that targeted Meydan TV remain, and even if they are removed, nobody knows how long it will take Facebook to respond, next time, such behavior is spotted. 

state news agency staffer dismissed after Facebook posts

According to online news platform monitoring human rights developments in Azerbaijan, Gozetci, a journalist with the state news agency Azertac, Aygun Aliyeva was dismissed from her job after Facebook posts. Aliyeva’s attempt to take her case to court proved futile. The court ruled in favor of the news agency four days ago. 

Aliyeva told an independent Turan news agency that her issues with the agency began in December 2019, when Azerbaijan held its municipal elections. At the time, Aliyeva wrote a Facebook post, that was critical of the municipalities. “Why would I vote when a municipality cannot even put a rubbish bin?” wrote Aliyeva. She was made to write a statement after this post. Then, in August 2020, she was fired following an alleged note sent to the State news agency from the Presidential Apparatus. 

When Aliyeva decided to take her case to Nasimi District Court, the judge ruled against the journalist. “During the hearing, I was told, I have been writing critical of the government Facebook posts,” Aliyeva told Turan news agency in an interview. The journalist plans to appeal the decision. 

Meanwhile, Azertac management refuted Aliyeva’s claims that she was fired over Facebook posts, instead, the agency said she was unprofessional, submitted her work late, and despite warnings and even a fine, did not change her work ethics. Facebook posts had nothing to do with it, said the state news agency deputy chairman of the board. 

Aliyeva spent twenty-one years at the agency. 

Facebook page, advertising telegram channel, targeting a woman activist [update March 30]

A page on Facebook took it upon itself to target yet another woman in Azerbaijan. This time, the target is the daughter of politician Jamil Hasanli, Gunel Hasanli. Not only that, but the page also is advertising a telegram channel, where they claim an intimate video of Ms. Hasanli is available. 

Another page, previously engaged in targeting of activists, shared not one but two posts, targeting Ms. Hasanli, with a similar content, although by the time AIW received the link to the post it was removed. 

Ms. Hasanli was targeted before when in 2015 she was accused of allegedly hitting a woman whilst driving. The court dismissed her appeal and sentenced Ms. Hasanli to 1.5 years imprisonment. Speaking to Turan News Agency at the time Jamil Hasanil said the accident and the charges were bogus. 

In 2018, Jamil Hasanli’s Facebook page was targeted.

Hasanli’s daughter is the latest victim in targeted online harassment. In recent weeks, scores of women activists were targeted through hacking of social media accounts, leaking of intimate videos and photographs through Facebook pages and Telegram Channels. 

On March 29, Hasanli wrote on his Facebook about the most recent attack against his daughter. He held president Ilham Aliyev and the Security Service directly accountable for the recent targeting. “The depravity is poking around other people’s intimate lives, mobilizing the state’s security services, and using it as a tool of political blackmail,” wrote Hasanli.

*On March 30, AIW received confirmation that both posts were removed.