tv Facebook and Election Security at Tech Crunch Disrupt San Francisco CSPAN October 2, 2018 5:46am-6:09am EDT
the handling of russian interference in the 2016 election. he spoke at a recent tech crunch disrupt. >> everything is branded, everything. welcome to our brand. welcome to the stage. for anyone who may not know, alex was at yahoo as the chief information security officer, you left for facebook and you spent three years at facebook and now you are moving on to bigger and different things. i don't know if they are better, i guess you don't know? >> i have been so bored, i wanted to get into academia. >> obviously we may have a hard time figuring out what to talk about, it's been quiet at facebook. >> we will kick it off easy
and dive in and talk about russia. it is a light topic. >> the country, a beautiful place. i wish i could visit. >> i have a map, you know how people have maps of every state they've been to, i have the map of countries i can never visit and that is the biggest area. >> that's unfortunate, maybe things will change. obviously yesterday, your former boss sat in front of the senate committee testifying about facebook and russia and interference in the presidential election and moving forward, famously after the election, mark zuckerberg made the comments the idea that facebook impacted the election was a crazy idea. so, i would love if you could take us through the day, that you and your team realized russia had in packed and interfered on the platform. >> there wasn't one day. we first spotted russian
activity in the spring before the election. our company and a bunch of other of the big ones have full-time threat intelligence teams, our job is to track persistent government actors, groups that are involved in doing things on the platform. we had a team that was watching the activity of what people call fancy beer or ht 28 or believed to work for the gr you which is the main intelligence director of the russian military. we saw some stuff from them in the spring before the election and in the end their hacking activity happened off facebook. at the time the way this worked was we had a relationship with law enforcement in the u.s., we informed them of the things we found and later on we heard about the hacks and some other stuff so we tried to move quickly to shutdown their ability to amplify that on facebook.
but at that time we didn't have a handle on the activity we found later. it wasn't one day but after the election we dove into the fake news problem and a big question was what is behind this, of all of this called fake news, what is driving it and it turns out the vast majority is financially motivated. some of the stereotypical macedonian teenagers who exist. and who are living the good life as well as folks in romania, pakistan and a a bunch of other places with good english comprehension, technical skills and low cost structure to run these large groups to do fake news farms, they are behind most of it but we started to find these chunks of things that were not monetize a bowl and leading up to the announcement in september of 2017 of the biggest chunk came from the internet. there wasn't one day, it was a
progression where we first saw a little bit during 2016 and the public stuff happen around the gr you, the creation of the dc leagues personas and probably the big chunk for us was the ira cluster we found in the advertising that came with it. >> that is interesting, they were in a bucket and you said they were not monetize a full which indicated another motive. >> if you want to try to determine if something is financially motivated, one of the signs is if they take you off the social network. the people who want to make money do so by doing arbitrage, they will push spam on twitter or facebook or any other network, take you to a website on which they run ads. some of those advertisers know they are there, some of it is fraud, they will run -- if you go to a fake news site and you are a cpu fan and it spins up
there could be a 4k bmw add running hidden elements. but they are trying to take the traffic. with the internet research agency is they want to to re- share content so what they like to do is images, download, re-share and take credit. that makes them no money, you can't make money if you share this over and over and that's a good indication someone is paying them. >> that is interesting. in my personal life i have a hard time communicating to the folks who wouldn't be at this conference, how to look out for this content, it's an ongoing process, facebook is going through this and finding new buckets of suspicious activity and they have been transparent in the last year to their credit. it is hard to tell people how to know what to look for. >> i think one of the hard parts, there is a lot of smuggling of the messages they
want to push through intermediaries. if you look at the russian campaign against the 2016 election, two buckets, the gru work which is about hacking and leaking, they hacked data from the dnc and other folks and they used the information to create the new stories they wanted to see in the media and amplified it using their trolls later. but in that case it was legitimate newspapers and cable news networks and legitimate journalists who were carrying the message and washing it through the respectability of the outlets and changed the entire conversation which is a different model than the ra -- ira which is to push messages directly. in that model it is less about this candidate or not. the gru was targeted at hillary. they used a weekend future hillary presidency, less about electing trump, i find it
unlikely the russians are better than nate silver at predicting elections, it seems they were assuming hillary presidency as a threat to them, it has been documented that putin has personal issues and she was behind the protection -- protests in his election in 2012. they wanted to weaken her, ira activity started before and has lasted after and it's about driving wedges into american society so it's much more dispersed but that is direct messages you are getting straight to them and they are pretending to be americans or legitimate outlets and they don't seem as good at getting their messages carried by the media but that is fine because they are going straight to people's eyeballs. >> do you think that we need to redefine cyber security? it is something you touched on
in your blog post, it's informative and well laid out argument for what needs to happen to secure elections. do you think we need to expand the definition of cyber security? i feel like that was what must've been one of the most disorienting things early on. i feel like you have to go to your team or whoever at facebook, your boss doesn't say we were attacked but is thing happened. how do you describe it? >> you are totally right about redefining security. i don't know if we will use it as the term, i spent years fighting cyber and now i am old because i have a graybeard. i say cyber without irony. but i've grown up in this that i come from a traditional information security background. teenage hacker, started a security consultancy with the security researcher, finding bugs, software flaws, in my jobs with yahoo and facebook i had to go to the realization
that the vast majority of harm caused by technology does not have any kind of interesting technical component. it is the tart clinically correct -- technically correct use of the products we use. the abuse of children, harassment of individuals, suicidal ideation, these are things that have no technically interesting component to them yet are incredibly harmful. i think we as an industry need to vastly expand how we deal with this because that's not actually studying those issues what we call trust and safety or facebook that determines integrity, those kinds of safety issues, there is not a field around it. you can't take classes in any good school, it is not something you put on your linked in resume, how do you hire those folks? it is hard to find him and that is something to give you the soft pitch for the pivot.
something i am trying to work on at stanford. if we are going to graduate the students who are going to try to change the world, they should have an understanding of these ways technology has been misused in the past and we need to build a cross disciplinary academic center around looking at all the ways technology can be misused but doesn't solve within the confines of information security. >> and you build a time machine so we can go back and have that? >> this is the tough part. it has always been true that our technological achievements outpace the understanding of how this will be abused and the fixes. that is true in traditional security and trust of the safety area. i wish that people had an understanding of these things, i wish the big companies had a better understanding of these things years ago that is not how we have trained people and how they have grown up.
>> switching gears, i want to talk what your choice to move from yahoo to facebook. and the twitter verse and security community, you are regarded as a champion of privacy. how did you reconcile concerns users might have around data privacy on facebook and the business which is predicated on using data to target ads. this is a tough balancing act, if you want to actually make change, you have to be the man or woman in the arena. teddy roosevelt wasn't thinking in a gender-neutral way but you have to put yourself in a position that sometimes you're going to have a fight and you will fight with folks who might disagree with you and you have a chance to change minds. i think the ad supported internet is something that will last for us for a long time. we will not get away from the