Meta’s quarterly adversarial report confirms suspicions of government sponsored targeting

This month, Meta released its pilot quarterly Adversarial Threat Report. Among the countries mentioned in the report, is Azerbaijan where the platform said it has identified “a hybrid network operated by the Ministry of the Internal Affairs.” According to the document, this network relied on, what Meta refers to as, “Coordinated Inauthentic Behavior [CIB]” in combination with cyber espionage, “compromising accounts and websites to post” on behalf of the Ministry. The ministry’s press office was quick to dismiss the findings, saying the findings were fictitious. 

To pundits familiar with Azerbaijan as well as this platform, it was not all surprising to see the country’s name on the list. This is also not the first time, Azerbaijan’s name appears in Facebook reports on CIB either.

Ample evidence collected over the recent years indicated how a thriving community of government-sponsored [in]authentic accounts targeted independent and opposition media pages and accounts; political activists and rights defenders’ profiles; and have done so over extended periods of time, causing reputational damage to the owners of targeted accounts, spreading false information, distorting facts, and engaging openly in harassment. These and other forms of content/user manipulation on social networks have also become more explicit, and brazen.

So, while it is great that Meta has taken notice and taken measures, it is too little, too late. And here is why. 

Pre-surveillance era 

Azerbaijan users embraced Facebook when it finally expanded beyond its limited geographical scope in 2006. By 2011 the number of Facebook users in Azerbaijan was 7percent. Fast forward eleven years, and according to Azerbaijan Press Agency, this number is around 58.4percent. Since the early years of Facebook, the platform quickly became a popular tool in the hands of activists and more broadly speaking civil society. Used to organize public events and workshops, and share information, Facebook also turned into a platform for political organizing. This continues to be the case to this day. But the platform’s popularity also attracted the attention of the ruling government. Nervous, of spillover from the Arab uprisings, monitoring of the platform became a norm. Scores of activists would get whisked from the streets, for questioning over the following years for public posts calling for protests or criticizing the authorities and government institutions, and politicians. 

It was only a matter of time, before a counter-narrative, sponsored and organized by the state institutions would appear on the platform. First in the form of youth movements sympathetic to the regime, and their members who meticulously searched for any criticism of the ruling government only to argue the opposite. And then gradually transitioning into a more systematic trolling, targeting, and harassment. Facebook profiles, were replaced with Facebook pages which were created to look like profiles but in reality, were facades for hundreds of inauthentic accounts. Gradually distorting facts and targeting users by “brigading” was combined with aggressive “cyber espionage.” The latter is perhaps the most common emergency, AzNet Watch has documented in recent years. 

But back at the headquarters of Facebook, nobody knew how much of a role the platform played in Azerbaijan and in many other countries across the world where the platform was utilized as a tool for information sharing, organizing, as well a political stage of some sort that opposition activists used and continue to use for their political messaging. I once, attempted to explain that to Zuckerberg but he did not want to listen, after all, he was on his honeymoon, touring Europe and the last thing he wanted to hear was the political, and social significance of his company in countries like Azerbaijan. 

Terminology worth knowing

Before diving any deeper let me explain some of the key terms for the sake of clarity. 

Coordinated Inauthentic Behavior

Coordinated efforts to manipulate public debate for a strategic goal where fake accounts are central to the operation. There are two tiers of these activities that we work to stop: 1) coordinated inauthentic behavior in the context of domestic, non-government campaigns and 2) coordinated inauthentic behavior on behalf of a foreign or government actor.

Coordinated Inauthentic Behavior (CIB) – domestic

When we find domestic, non-government campaigns that include groups of accounts and Pages seeking to mislead people about who they are and what they are doing while relying on fake accounts, we remove both inauthentic and authentic accounts, Pages, and Groups directly involved in this activity.

Foreign or Government Interference (FGI)

If we find any instances of CIB conducted on behalf of a government entity or by a foreign actor, we apply the broadest enforcement measures including the removal of every on-platform property connected to the operation itself and the people and organizations behind it.

Brigading: adversarial networks where people work together to mass comment, mass post, or engage in other types of repetitive mass behaviors to harass others or silence them.

Mass Reporting: adversarial networks where people work together to mass-report an account or content to get it incorrectly taken down from our platform.

Cyber espionage: when actors typically target people across the internet to collect intelligence, manipulate them into revealing information, and compromise their devices and accounts.

Now that the terminology is out of the way, what has been Azerbaijan’s performance in Facebook/Meta’s previous reports? Not good to say the least. 

Previously, Azerbaijan was mentioned in two CIB reports both published in October 2020. “We removed 589 Facebook accounts, 7,665 Pages, and 437 accounts on Instagram linked to the Youth Union of New Azerbaijani Party. This network originated in Azerbaijan and focused primarily on domestic audiences. We identified this network through an internal investigation into suspected fake engagement activity in the region,” read the report [New Azerbaijan Party is the ruling party of Azerbaijan that’s been in power since the early years of the country’s independence.]

“While the individuals behind this activity used fake accounts — some of which had been already detected and disabled by our automated systems, they primarily relied on authentic accounts to create Pages designed to look like user profiles — using false names and stock images — to comment and artificially boost the popularity of particular pro-government content. This network appeared to engage individuals in Azerbaijan to manage Pages with the sole purpose of leaving supportive and critical commentary on Pages of international and local media, public figures including opposition and the ruling party of Azerbaijan, to create a perception of wide-spread criticism of some views and wide-spread support of others. From what we’ve seen, it appears that most of the engagement these comments received were from within this network of Pages themselves. Our analysis shows that these comments were posted in what appears to be regular shifts during working hours in Azerbaijan on weekdays.”

Here the biggest credit goes to Facebook whistleblower Sophie Zhang who was the first person to flag these inauthentic accounts and pages to her management as early as 2018 [the year of the presidential election in Azerbaijan] who only took notice after she published an internal memo detailing, how the company was ignoring manipulation of its platform by political parties and heads of government not only in Azerbaijan but in a number of other countries. Zhang was fired after leaking the memo, allegedly over “poor performance.” By then, it was clear the company had to do something. They took notice and removed hundreds of accounts and thousands of pages, reported BuzzFeedNews. 

In April 2021, Facebook said it has removed another “124 Facebook accounts, 15 Pages, six Groups and 30 Instagram accounts from Azerbaijan that targeted primarily Azerbaijan and to a much lesser extent Armenia.” The “April 2021 Coordinated Inauthentic Behavior Report” said, that the network of accounts was discovered “as a result of [Facebook’s] internal investigation.” The report identified “third-party Android applications — Postegro and Nunu,” misleading users “into giving away their Instagram credentials.” At the time [the report was published in May 2021] the company said, its CIB investigation discovered links between the accounts “to individuals associated with the Defense Ministry of Azerbaijan.”

A month before this report was published, AzNet Watch investigated brigading against Meydan TV, an independent and now exiled online newsroom: 

What does art, shopping retail, web design, sports, cosmetics, and e-commerce website have in common? Absolutely nothing, except these, are all various categories available on Facebook when setting up pages. Since 2019, Facebook removed the limit on the number of pages a user can set up. Unfortunately, Facebook did not take into account, how this innocent feature update, if in the wrong hands, can do harm. In the case of Azerbaijan, this is exactly what happened, when Meydan TV, an independent Berlin-based news platform, shared a call for applications for a program, held in partnership with Brussels-based human rights organization, International Partnership for Human Rights in February 2021.

Also in April, The Guardian published this story explaining how Facebook allowed state-backed harassment campaigns, target-independent news outlets, and opposition politicians on its platform.  The story in The Guardian looked at another case of Azerbaijani online news platform – Azad Soz (Free Speech). Its Facebook account was flooded with over 1.5k comments over a post about two men sentenced to eight months. The Guardian investigation analyzed the top 300 comments and discovers that 294 out of 300 comments were inauthentic Facebook pages.  Just like in the case of Meydan TV. 

But it was not just Meydan TV and Azad Soz that were targeted. Mikroskop Media, an independent online news platform based in Riga, too experienced similar targeting. And so did Azadliq Radio, Azerbaijan language service for Radio Liberty.

Now a year later, the new report said it, “disrupted a complex network in Azerbaijan that engaged in both cyber espionage and coordinated inauthentic behavior. It primarily targeted people from Azerbaijan, including democracy activists, opposition, journalists, and government critics abroad. This campaign was prolific but low in sophistication and was run by the Azeri Ministry of Internal Affairs. It combined a range of tactics — from phishing, social engineering, and hacking to coordinated inauthentic behavior.” The list of tactics, techniques, and procedures (TTPs) used included: compromised and spoofed websites; malware and other malicious tools; credential phishing; and finally the CIB. 

Nothing illustrates the extent of control over the platform like real examples. Last month, AzNet Watch successfully helped restore access to a popular page on Facebook, called “Humans of Azerbaijan.” It was compromised in 2017 and remained inactive until fall last year when its new admins [suspected of being the state security services] started posting compromising content targeting various civil society activists. Eventually, the account was returned to its original owner, Mehman Huseynov. But its comeback was short. Earlier this month, the account was compromised yet again. The perpetrators argued with Facebook that Huseynov was in fact not who he said he was, and instead, sent Huseynov’s ID to the company to confirm their “real” identity. The perpetrator claimed that Huseynov hacked the page. Shortly after, all of the pages managed by Huseynov received multiple complaints making the same claims – that Huseynov was not the real Huseynov. Facebook responded by blocking all of Huseynov’s accounts. Including his own profile. The state security services have access to citizens’ private information – including copies of National IDs, phone numbers and other personal information. 

At the end of the day, what platforms like Meta must understand is that these are not some isolated cases but regular, targeted measures deployed by the government institutions and that to really tackle this kind of brazen behavior and prevent the damage inflicted on the platforms’ active users, the company must adopt measures that offer better protection to users, especially from certain civic groups who are often the main targets. Above all, understanding the political contexts and the role platforms like Facebook play in these contexts would be a step in the right direction. So will Meta take notice?