USA TODAY asks FBI to probe rise in fake Facebook followers

The parent company of USA TODAY said it had asked the FBI to investigate a wave of fake Facebook accounts so large it accounted for half of the newspaper’s following on the social media platform.

Facebook purged millions of those fake accounts from USA TODAY and other publishers three weeks ago, the latest salvo in the social giant’s battle against scammers and spammers seeking access to its platform and its 1.94 billion users.

Those axed accounts included more than a third of USA TODAY’s approximately 15.2 million Facebook "likes" at the time. Executives of Gannett Co., parent of USA TODAY and 109 local news properties, said Thursday millions of its remaining followers also were fake, and it continued to accumulate a thousand phony followers a day.

Facebook on Friday said it's detected additional suspicious activity since its April fake-account crackdown, some of which look similar to the campaign it disrupted in April. Others more closely resemble common fake profiles that post spam comments and attempt to look legitimate by engaging with businesses' Facebook pages.

"After we identified the additional set of violating accounts, we notified our partners at USA Today, and are taking action against these accounts," said  Shabnam Shaik, technical program manager on Facebook's protect and care team, in a statement. She declined to reveal how many fake accounts Facebook had discovered.

Facebook has said in filings with the Securities and Exchange commission that it estimates about 1% of its monthly worldwide active users are "misclassified" accounts, which it says includes both fake accounts and those that don't abide by its terms of service, such as people creating accounts for their pets. The company believes the majority of these are outside of the United States. The company declined to say what the ratio between these types of misclassified accounts was.

The continued presence of phony accounts hasn't checked the social network's user growth, but they can cause confusion and havoc for individual users and companies. Fake profiles that masquerade as real people have also caused tragedy, such as the torture and killing of a university student in Pakistan after someone set up a fake Facebook account in his name that allegedly contained blasphemous content.

In USA TODAY's case, it's not clear why spam operators have targeted the media company's Facebook pages in droves.

   
"We don’t know why the scope of impact on USA Today’s Facebook Page appears greater than any other publisher," said Shaik.

Facebook suggested three weeks ago that a "major spam operation" had set up the accounts as a way to access and potentially spam and scam its users. These fake accounts follow and comment on publishers’ pages to lend a veneer of credibility that might help the account operators connect with real users while veiling them from Facebook's automatic fake account detectors.

USA TODAY appears to have been the main target of this operation. Gannett contacted the FBI late Wednesday because the barrage was “not stopping,” and the company is no closer to identifying its source, said Maribel Wadsworth, the publisher’s chief transformation officer. The FBI declined to comment.

While creating fake accounts violates Facebook's terms of service, it probably isn't a crime. But a proliferation of such accounts risks damaging a publisher's brand at a time when the social network is one of the key ways news organizations reach their readers.

When Facebook purged the fake accounts in April, it cut 200 million fake likes from the pages of major publishers, including 20,000 from the U.K.'s Guardian. Some 12 million were from USA TODAY and affiliates, the single largest group, Wadsworth said. The discovery comes after Gannett had touted the extent of its reach on the social platform, including in a Feb. 22 report to its shareholders. Gannett said it has not seen a drop in Facebook referrals to its own properties since Facebook said it was tackling the spam operation.

Fake account trait: Worked for the Yankees

Wadsworth said Gannett has taken steps to prevent its Facebook pages from attracting more fake followers, including blocking new followers from Bangladesh, one of the countries the company thinks is the source of a significant proportion of the spam accounts.
One batch of fake accounts featured posters who appeared to be in countries such as Bangladesh, India, Egypt and Pakistan, often with comments written in Bengali, Hindi, Urdu and Arabic. These appear to be manually created accounts, as opposed to accounts created by software, suggesting somewhere in the world humans are busy setting up these profiles.

These are made to look more realistic by adding likes and friends, though their comments can look like spam and are often just copied text from random sources. The spam operation Facebook tried to purge in mid-April appeared to come from accounts located in Bangladesh, Indonesia, Saudi Arabia, and other countries, the social network said at the time. The company said it had been targeting that operation for six months.

“We saw one of these accounts post gibberish, it was literally just “13459u2 34ltijsre” and then it had 4,000 “likes” because there were 4,000 fake accounts and they were all liking each other,” said Dan Nadir, vice president for digital risk at Proofpoint, a security company that provides social media protection and compliance for USA TODAY.

Another batch of fake accounts featured a female name that would be common in the United States and with a photo of an attractive young woman.

“They’re always students, they’re always single and they tend to say they work for popular sports teams. We’ve seen thousands of them that say they work for the New York Yankees,” said Nadir.

Almost immediately after they are created, the profile holder goes to the USA TODAY page on Facebook and follows it. Users who visit USA TODAY's Facebook page actually won’t see many of these accounts because they’re the easiest to spot and the ones Proofpoint's software can immediately delete, said Nadir

'Numbers game'

In one way or another, fake Facebook accounts are usually designed to make money. Operators of a scam can use the fake followers to send links to malware or to sell questionable weight loss products or send messages asking for money from someone who claims to be a friend stranded in a foreign country who’s lost their password, said Dennis Yu, chief technology officer with BlitzMetrics.

The true money-making opportunity is getting a real Facebook user to “friend” one of the fake accounts. The average Facebook user has 350 to 400 friends. So even if only one real person accepts the fake account's friend request, it can then attempt to spam all their friends, said Yu.

"It's a numbers game. These fake accounts are cheap to create and if they can get just one person to click on the link they can make enough to cover the cost," he said.

Wadsworth said there was no indication of a security risk to legitimate followers of USA TODAY's Facebook page.

Media company pages are especially enticing to the spammers because they post articles frequently, giving the fake accounts many opportunities to “like” the posts and therefore seem more like real accounts.

The April purge of fake accounts reduced USA TODAY’s Facebook likesby 6 million, from 15.2 million to 9.5 million as of Thursday night. Wadsworth said Facebook told Gannett it planned to purge another 3 million accounts soon, which could reduce overall followers to as low as 6.5 million.

Merely creating accounts – even a lot of them – that violate Facebook’s terms probably wouldn’t be a crime, said Orin Kerr, a George Washington University law professor and director of the school’s Cybersecurity Law Initiative. “Beyond that, it would depend on what they did with the fake accounts.”

Facebook said in mid-April it didn't appear the spam operation had been activated yet. It didn't involve any paid ads. Still, Gannett had halted marketing efforts meant to attract new readers until it gets the issue under control, Wadsworth said. She said an internal investigation had found no evidence that Gannett or its marketing campaigns had deliberately attracted fake accounts.

Facebook steps up fight on state-led propaganda

The new effort expands Facebook´s security efforts beyond "abusive" actions such as hacking and financial scams to "more subtle and insidious forms of misuse, including attempts to manipulate civic discourse and deceive people," according to a white paper released by the world´s leading social network.

The initiative is part of Facebook´s efforts to counter "fake news" but goes beyond that to tackle efforts by governments and non-state entities to use the social network to manipulate public opinion.

With the new effort, Facebook will be using its security team to take aim at so-called "information operations" that aim "to distort domestic or foreign political sentiment," the document said.

Facebook said it will focus on three areas in this drive: "targeted data collection" by governments to locate and counter dissidents; "content creation" or fake news spread via the social network; and "false amplification," or using artificial means or automated "bots" to promote or denigrate a group or cause.

Facebook, which came under criticism for its role in the spread of misinformation during the 2016 US presidential campaign, has argued the platform did not play a major role in influencing voters.

But in Thursday´s white paper, Facebook said it "responded to several situations that we assessed to fit the pattern of information operations."

"We have no evidence of any Facebook accounts being compromised as part of this activity, but, nonetheless, we detected and monitored these efforts in order to protect the authentic connections that define our platform," the report said.

Facebook said it "is not in a position to make definitive attribution to the actors sponsoring this activity" but added that its data "does not contradict" the conclusions of US intelligence in January that Russia sought to influence the election outcome.


Separately, Facebook released its global transparence report showing government requests for account data increased by nine percent in the second half of 2016 from 59,229 to 64,279 requests.

About half of the data requests from law enforcement in the US contained a "non-disclosure order" that prohibited Facebook from notifying the user, it said.

Uber wants to launch ´flying cars´ by 2020

The ridesharing giant announced a series of partnerships to manufacture "vertical takeoff and landing" (VTOL) vehicles and put networks in place, a system dubbed Uber Elevate.

The partner cities working with Uber are Dubai and the Dallas-Fort Worth metropolis in Texas.

"The goal of these partnerships is to develop a new on-demand VTOL network to enable customers in the future to push a button and get a high-speed flight in and around cities," Uber said in a statement.

The announcement came at a summit held in the Dallas area with partners in the project.

"What started as a simple question ´why can´t I push a button and get a ride?´ has turned, for Uber, into a passionate pursuit of the pinnacle of urban mobility -- the reduction of congestion and pollution from transportation, giving people their time back, freeing up real estate dedicated to parking and providing access to mobility in all corners of a city," said Uber chief product officer Jeff Holden.

"Urban aviation is a natural next step for Uber in this pursuit, which is why we are working to make push a button, get a flight a reality."

Uber´s goal is to have the first demonstration network in place in Dubai for the 2020 World Expo in that city, and to have "full-scale operations" in Dallas by 2023.

The announcement came a day after Silicon Valley "flying car" startup Kitty Hawk, reportedly backed by Google co-founder Larry Page, released a video of its airborne prototype and announced plans for deliveries of a "personal flying machine" this year.

Uber´s plans appear more ambitious, and include partnerships with US-based Bell Helicopter, Brazilian manufacturer Embraer and Slovenia´s Pipistrel to produce flying machines for short distance urban operations.

"Uber´s Elevate network is an exciting opportunity for Bell Helicopter to help transform how cities move people and products in the future," Bell president and chief executive Mitch Snyder said in a statement.

Embraer vice president Antonio Campello said: "We share Uber´s revolutionary vision that the state of transportation in congested cities is ripe for innovative solutions."

The Uber plan also includes partnerships for "vertiports" for the flyers to take off and land, along with changing stations for the transporters, which are expected to be mainly electric-powered.

Microsoft creates ´Dubai Font´ typeface for the city

Dubai: The Dubai government on Sunday announced the launch of "Dubai Font", the first typeface developed by Microsoft for a city, which will be available in 23 languages.

The font was developed simultaneously in Latin and Arabic script and is available to 100 million Office 365 users around the world.

Dubai Crown Prince Hamdan bin Mohammed al-Maktoum has urged all government institutions to adopt the font in official correspondence.

The Executive Council of Dubai, which manages the affairs of the city-state and is headed by Prince Hamdan, said the font reflects the United Arab Emirates´ vision "to become a regional and global leader in innovation".

"It is the first font to be developed by a city and to carry its name", Executive Council secretary general Abdulla al-Shaiban told a news conference.

Home to the world´s tallest tower and the largest shopping mall in the Middle East, image-conscious Dubai has pushed in recent years to broaden its appeal by investing in its technology and culture.

The emirate also aims to emerge as the world´s happiest city, and last year appointed a happiness minister.

In 2016, some 14.9 million tourists visited Dubai, the most liberal of the UAE´s seven emirates and its least dependent on oil revenues.

Dubai will host the six-month Expo 2020 under the themes of sustainability and mobility.

Wikipedia founder aims to 'fix the news' with collaborative website

The new platform, called Wikitribune, will be free to access and carry no advertising, instead relying on its readers to fund it, while the accuracy of news reports will be easily verifiable as source material will be published, Wales said.

"The news is broken, but we've figured out how to fix it," he said in a promotional video posted on the website's homepage.

The online proliferation of fake news, some of it generated for profit and some for political ends, became a major topic of angst and debate in many developed countries during last year's U.S. presidential election.

Wales argued in his video that because people expected to get news for free on the Internet, news sites were reliant on advertising money, which created strong incentives to generate so-called "clickbait", catchy headlines to attract viewers.

"This is a problem because ads are cheap, competition for clicks is fierce and low-quality news sources are everywhere," said Wales.

He also argued that social media networks, where an ever-increasing number of people get their news, were designed to show users what they wanted to see, confirm their biases and keep them clicking at all costs.

Social media giant Facebook was widely criticized last year for not doing enough to prevent fake news reports from spreading on its platform, and has announced new tools to tackle the problem.

Wales said Wikitribune would combine professional, standards-based journalism with what he called "the radical idea from the world of wiki that a community of volunteers can and will reliably protect the integrity of information".

He said articles would be authored, fact-checked and verified by journalists and volunteers working together, while anyone would be able to flag up issues and submit fixes for review.

"As the facts are updated, the news becomes a living, evolving artifact, which is what the Internet was made for," he said.

The Wikitribune homepage said the platform would go live in 29 days. It also indicated that the intention was to hire 10 journalists, but none had been hired so far.

Google agrees to pay $334 mn to settle Italy tax dispute

U.S. Internet giant Google has agreed to pay 306 million euros ($334 million) to settle a tax dispute with Italian authorities, a company spokeswoman said, confirming a Reuters report.

In a statement, the spokeswoman said the agreement covered the period between 2002 and 2015.

"In addition to the taxes already paid in Italy during those years, Google will pay another 306 million euros," the statement said.

Spam campaign targets Google users with malicious link

Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.

The attack used a relatively novel approach to phishing, a hacking technique designed to trick users into giving away sensitive information, by gaining access to user accounts without needing to obtain their passwords. They did that by getting an already logged-in user to grant access to a malicious application posing as Google Docs.
"This is the future of phishing," said Aaron Higbee, chief technology officer at PhishMe Inc. "It gets attackers to their goal ... without having to go through the pain of putting malware on a device."
He said the hackers had also pointed some users to another site, since taken down, that sought to capture their passwords.
Google said its abuse team "is working to prevent this kind of spoofing from happening again."
Anybody who granted access to the malicious app unknowingly also gave hackers access to their Google account data including emails, contacts and online documents, according to security experts who reviewed the scheme.
"This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party," said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Cappos said he received seven of those malicious emails in three hours on Wednesday afternoon, an indication that the hackers were using an automated system to perpetuate the attacks.
He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.