MY TAKE: What ace-in-the-hole does Devin Nunes have that McCarthy would have loved?

When Russian botnet controllers deployed their bots on yet another social media blitz last week, they participated in a campaign that took a page from Sen. Joseph McCarthy’s playbook.

On Feb. 9, 1950, at the height of the Cold War, McCarthy infamously brandished a list of what he claimed were 57 subversive communists who had infiltrated the heart of the U.S. government. It was baseless propaganda, of course.

Fast forward to January 2018. Rep. Devin Nunes (R-Calif.) comes up with a top secret memo purporting to show how the FBI was being manipulated to persecute Donald Trump. On cue, Russian botnets unleashed the #Releasethememo campaign, spoofing a supposed grassroots call to make the contents of Nunes’ memo public.

Machiavellian move

McCarthy, of course, didn’t want the contents of his list revealed. Seems clear to me that neither Nunes, nor the Russian botnet operators, really wanted the text of his memo made public either. The botnet-driven social media blitz, I believe, was a Machiavellian attempt to add validity to the secret memo — by intimating a cover-up.


Whichever side of the political spectrum you occupy, it is inarguable that the deployment of Russian propaganda botnets continues to accelerate. Let’s not forget how Russian botnets fueled wildly conflicting polling results during the 2016 presidential race, not to mention fabricated 6.1 million Twitter followers for then-candidate Donald Trump.

“Propaganda campaigns on social media platforms, such as #ReleaseTheMemo have become both ubiquitous and trivial to initiate on the modern internet,” says Andrew Jones, a senior sales engineer at Shape Security.

Twitter and Facebook are the platforms of choice. “An intelligent adversary will typically maintain multiple aged accounts and use social engineering tactics to increase the number of followers for each one, focusing especially on adding high profile or influential followers,” Jones says.

This helps establish a sheen of legitimacy, so later, when the need for a specific propaganda blitz arises, the bots can “subsidize any human sponsored retweets or posts related to the propaganda to attract further attention,” Jones adds.

Driving the news cycle

Given Trump’s daily use of Twitter to express himself, follow-on Twitter campaigns driven by Russian botnets have become widespread. A typical goal is for the bots to elevate the exposure of a tweet or a hashtag topic so that Twitter designates it as a “trending topic.”

This can drive the daily news cycle by arresting the attention of major news outlets, all too many of whom now routinely feed off trending topics to report the news.


It’s actually not technically difficult to identify these bots in action, which begs the question of why Twitter and Facebook aren’t doing more to filter bogus tweets and posts from their respective platforms.

“Bots used to support the propaganda are sometimes easy to identify,” Jones observes. “Either they are freshly created accounts, using disposable contact information, and immediately begin posting information supporting the campaign, or they might be longer lived and show a trend of simply retweeting or posting formulaic messages over and over again.”
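The two patterns Jones describes can be expressed as simple account-level checks. The following is an added example, not code from the article or from Shape Security; the thresholds, function names and sample accounts are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

CAMPAIGN_TAG = "#releasethememo"    # hashtag named in the article
FRESH_WINDOW = timedelta(days=7)    # assumed cutoff for a "freshly created" account
REPEAT_RATIO = 0.6                  # assumed share of posts matching one template
MIN_POSTS = 5                       # assumed minimum history before judging repetition

def normalize(text):
    """Reduce a post to its template: drop URLs, mentions, digits, punctuation, case."""
    text = re.sub(r"https?://\S+|@\w+", " ", text.lower())
    return " ".join(re.sub(r"[^a-z#\s]", " ", text).split())

def flag_account(created, posts):
    """posts is a list of (timestamp, text); returns the heuristics that fired."""
    reasons = []
    if not posts:
        return reasons
    campaign = sorted(ts for ts, text in posts if CAMPAIGN_TAG in text.lower())
    # Pattern 1: new account that starts pushing the campaign almost at once.
    if campaign and campaign[0] - created <= FRESH_WINDOW:
        reasons.append("fresh-account-campaign")
    # Pattern 2: longer-lived account whose history is one message repeated.
    top = Counter(normalize(text) for _, text in posts).most_common(1)[0][1]
    if len(posts) >= MIN_POSTS and top / len(posts) >= REPEAT_RATIO:
        reasons.append("formulaic-repetition")
    return reasons

def scan(accounts):
    """Return {account: reasons} for every account with at least one hit."""
    hits = {name: flag_account(c, p) for name, (c, p) in accounts.items()}
    return {name: r for name, r in hits.items() if r}

# Constructed sample accounts (not real data).
T0 = datetime(2018, 1, 18)
HUMAN = ["Coffee first, then email.", "Anyone read the #ReleaseTheMemo coverage?",
         "Great game last night", "Traffic is awful today", "New photos from the hike"]
SAMPLE = {
    "new_bot": (T0, [(T0 + timedelta(hours=2), "#ReleaseTheMemo now!"),
                     (T0 + timedelta(hours=3), "RT @x: #ReleaseTheMemo https://t.example/1")]),
    "old_bot": (T0 - timedelta(days=900),
                [(T0 + timedelta(hours=i),
                  f"RT @user{i}: The people demand it! #ReleaseTheMemo https://t.example/{i}")
                 for i in range(6)]),
    "human": (T0 - timedelta(days=1200),
              [(T0 + timedelta(days=i), t) for i, t in enumerate(HUMAN)]),
}

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(name, reasons)
```

Normalizing away mentions, links and digits before counting is what lets the repetition check catch messages that differ only in the retweeted handle or the shortened URL.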

The challenge for Twitter is one of scale. It has around 330 million users. That means neutralizing Russia’s propaganda bots would not be easy or cheap. But we’re talking about protecting the essence of our democracy. If that’s not a national security issue, I don’t know what is.

And yet things are probably going to have to get much worse before they get better. “Twitter, Facebook, and the rest of the social media platforms will need to dedicate significant monetary investments to combat automation being used against them today, and without a tangible return on investment there’s not much incentive to do that,” Jones observes.

Tempering the threat

The need to address malicious botnets as a singular threat was driven home this month by the National Telecommunications and Information Administration and the National Institute of Standards and Technology, which issued a report specifically addressing botnets. NTIA and NIST are calling upon other federal agencies to seek out partnerships with private industry to implement six “principal themes” and five “complementary and supportive goals” designed to mitigate botnet threats.

Technically, there’s absolutely no reason the U.S. couldn’t match and exceed Russia’s cleverness marshaling machine learning and automation to counter malicious bots. There is no shortage of highly innovative data and network technologies. Companies like Shape Security, Distil Networks, Perimeter X and numerous others are offering new, cost-effective ways to aid in the proactive detection and mitigation of malicious botnet activity.


“Companies can challenge the bot to prove that it is a human, using various puzzles, and machine learning to determine if it is a real user,” says Rami Essaid, chief product & strategy officer at Distil. “All of this should happen in real-time before the bot gains access to the site.”

Someday, botnets could be ushered into obsolescence by networks designed to repel them. We’re a long way from that day. At this moment, Twitter and Facebook are in the best position to make a quick, tangible impact to curtail Russian botnets.

While we definitely should applaud the work of organizations like NTIA, NIST and the National Council of ISACs that are championing voluntary best practices, it will take a long time for these voluntary guidelines to make a difference. Congress may need to rise above its dysfunction to address botnets.




*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: