This is part of an ongoing series where I review some of the ads purchased by the Russians. In doing so I hope we can get a better understanding of what they were trying to do, and how to recognize it the next time we’re faced with propaganda.
If you want to follow along, the ads can all be downloaded here. All of today’s ads can be found in the 2016-q2/2016-05 folder.
The Russians did more than just place ads on people’s social media feeds. While going through the May 2016 ads I saw some for a “Facebook feature” called “Face Music” which allows the users to listen to and share music while browsing the web. There was a total of 106 ads for this feature, all of which were some version of p(1)0005965:
The ads targeted both males and females, from ages 13 to 30. I wondered why the Russians bought these posts to advertise a Facebook feature.
They didn’t. Turns out this isn’t a plug-in authorized by Facebook, but an independent Chrome plug-in. The site, musicfb.info, was registered in St. Petersburg, Russia. Yes, that’s where the Internet Research Agency is based out of. And, yes, every single one of the ads for that feature was posted through the IRA’s “Stop All Invaders” Facebook group. The site has since been taken down, but an archived version of the page can be found here.
(It’s worth noting that, in all 106 ads, there were 25,246 ad impressions and only 85 click throughs. I have no statistics on how many downloads the actual program had. Considering the target audience and the group through which the ads were placed, it seems they had poor marketing.)
The plug-in was granted access to post and modify information on the person’s computer as well as post messages to the user’s friends. Malwarebytes Labs researcher Jérôme Segura noted that the program itself did not contain malicious code but exploited permissions granted to Facebook and Google.
So what’s the answer to all this? Even if we do our dillegence and not open or download suspicious software ourselves, a friend or family member could leave you open by proxy. I wish I had answers but unfortunately I don’t.
THIS IS AN OPEN THREAD. Take care, and have a pleasant Saturday.