Monthly Archives: March 2020

Illinois US Congressman Bobby Rush speaks to the crowd at a rally for Illinois Governor Pat Quinn at the Chicago State University Convocation Center on the South side of Chicago.

Ralf-Finn Hestoft | Corbis | Getty Image

Rep. Bobby Rush sent a letter to the CEOs of Facebook and Twitter on Friday asking how they are combating "race-based targeting and harassment" as misinformation around the new coronavirus spreads online.

"I have been profoundly disappointed to see countless examples of misinformation and downright lies propagated on your platforms," the Illinois Democrat wrote. "Furthermore, much of this misinformation has also conveyed racist themes and language literally adding insult to injury."

Rush pointed out one example of race-based misinformation about COVID-19 on Twitter from earlier in the day. The congressman tagged Twitter and CEO Jack Dorsey in a message commenting on a post that falsely claimed "Blacks are not getting Coronavirus!"

"[W]hat exactly are you doing about this type of blatant misinformation?" Rush said on Twitter. "By allowing these lies to spread, you are COMPLICIT in any harm that may be suffered by members of my community as a result."

The claim that COVID-19 doesn't affect people of color is not supported by evidence. The Centers for Disease Control and Prevention says on its website, "Diseases can make anyone sick regardless of their race or ethnicity." PolitiFactrated the claim that the pigment melanin makes people of color immune to the coronavirus as false. PolitiFact is a fact-checking partner of Facebook's and reviewed the claim after an article purporting it to be true was shared and flagged on the platform.

Rush said in the letter that race-based misinformation about the virus can have real repercussions.

"Such characterizations have led to race-based violence around the world and have attempted to lull certain racial groups into a dangerous, false sense of security regarding their susceptibility to this disease," Rush wrote.

COVID-19 is just the latest topic to become ripe for misinformation claims, whether intentional or not.

Facebook, Twitter and other tech companies have already taken proactive measures,like directing users to reliable sources of information on the virus, to combat misinformation and other harmful practices related to COVID-19 on their platforms. The companies were among a group of tech peers that participated in a meeting with the World Health Organization (WHO) to find a way to reduce the spread of misinformation online, CNBC previously reported. The companies also reportedlyparticipated in a call with the White House this week to discuss similar topics.

Rush wants to know specifically what Facebook and Twitter are doing to prevent misinformation from spreading on their services, how they're discouraging race-based targeting and how they're making their platforms reliable places to serve accurate information.

Both companies acknowledged receiving the letter but didn't provide a comment.

Subscribe to CNBC on YouTube.

WATCH:Tech firms step up efforts to fight coronavirus misinformation

Continued here:

Facebook and Twitter slammed by congressman for allowing spread of 'racist themes and language' about coronavirus - CNBC

LightRocket via Getty Images

A worrying new security report claims that devious hackers have developed a new exploit to target the Facebook accounts of Android users. To be more accurate it is two separate exploits that work in tandem towards a common goal. We increasingly see multiple malware used in parallel, each with a specific objective, but this crafted approach with two exploits from the same hacking team is an interesting twist.

According to Kaspersky, the goal of the attack is to gain unauthorized access to Facebook accountsand it all starts with hackers targeting an Android phone to capture Facebook cookies from the devices browser and the app itself. This is done by acquiring root access and establishing a comms link out to a C&C server.

Facebook is one of many apps that will have dropped cookiesidentifying codeonto the device, such that the user is recognized next time they login. This is why you can stay logged in to apps, because they can trust its you. Cookies make the world wide web go round, but they can also be the nasty little tracking tokens that follow us across the internetmultiple sites, multiple platforms.

This, though, is a new cookie problem. That said, stealing a Facebook cookie doesn't let you back into Facebook from a different device without credentials. The platform detects youre coming from an unknown location and blocks you, asking you to sign-in, potentially locking the account. And thats where the second part to this malicious attack kicks in.

This attack is designed to defeat the very way that the stay logged in security works. It does so by hijacking the Android device to use as a proxy server through which the attackers can access Facebook. So, while the attackers are sitting someplace else, Facebook sees the account access as coming from the expected device. The login works. All without the user having any indication of a compromise.

By combining these two attacks, Kasperskys Anton Kivva and Igor Golovin say in a March 12 blogpost, cybercriminals can gain complete control over the victims account and not raise a suspicion from Facebook. This devious marriage of Trojan-Spy.AndroidOS.Cookiethief and Trojan-Proxy.AndroidOS.Youzicheng has only just started to hit its first thousand target accounts. But the figure is growing.

Kaspersky says in its report that this abuse technique is possible not because of a vulnerability in Facebook app or browser itselfmalware could steal cookie files of any website from other apps in the same way and achieve similar results.

This was echoed by Facebook, with a spokesperson telling me Kasperskys report identifies how an attacker using malware can compromise someones device, not a vulnerability in Facebooks code. We recommend that people use the latest version of Android or iOS to help protect against this kind of attack.

Account hijacking is an increasing problem, as attackers look to spread malware and malicious phishing links through victims to their contactsthis is basic social engineering. If I receive a Facebook message from a friend, I am far more likely to click the link or open the attachment than if its from someone unknown.

On the C&C server, Kaspersky says, we also found a page advertising services for distributing spam on social networks and messengers, so it was not difficult to guess the motive behind the cookie-theft operation.

I have reported before on more laborious hacks on messaging platforms to achieve the same goal, this is simply an automated approach. There are certain precautions users can take to defend against this attacknot staying logged in for example, deleting cookies or blocking their access. But realistically, this is a vulnerability that needs to be detected and blocked in the exploit phase. One can expect Google and Facebook to be looking into a more permanent solution now.

Read the original here:

This Is Androids Newest Threat: Your Facebook May Now Get HackedHeres How It Will Happen - Forbes

Facebook and Twitter have disabled dozens of accounts tied to an elaborate Russia-linked troll network based in Ghana that targeted African Americans across social media in an effort to provoke racial tensions, according to CNN, which shared its findings with the two social media platforms. To evade detection, Russia-linked actors helped set up what functioned as a non-governmental organization called EBLA, or Eliminating Barriers for Liberation of Africa, The Washington Post reports.

Facebook disabled 85 Instagram accounts, 49 Facebook accounts, and 69 pages. It said about 13,500 accounts followed one or more of the disabled pages, and about 265,000 people were following one or more of the Instagram accounts. Twitter removed 71 accounts, which had a total of 68,000 followers.

This network was in early stages of audience building and was operated by local nationals witting and unwitting in Ghana and Nigeria on behalf of individuals in Russia, Facebooks head of security policy, Nathaniel Gleicher, wrote in a blog post. It targeted primarily the United States. The network violated Facebooks policies against engaging in coordinated, inauthentic behavior, which is why the accounts linked to it were ultimately removed, the blog post said.

The activity was linked to individuals associated with the IRA [Internet Research Agency], an entity we had previously banned, Gleicher wrote. Facebook rejected the networks repeated attempts to buy issue or political ads in the US because the people behind it were not authorized to run political ads in the US.

In 2016, the Russia-based Internet Research Agency wreaked havoc on the US elections, setting up Facebook troll accounts and creating a targeted effort to steal and disseminate emails from the Democratic National Committee.

The Ghana-based troll network was not peddling politically themed content, but it posted inflammatory rhetoric about violence against African Americans and used hashtags associated with Black History Month and Martin Luther King Jr., the Post reports.

Twitter said that most of the disabled accounts on its platform were tweeting in English and presented themselves as if they were based in the US. The accounts operating out of Ghana and Nigeria and which we can reliably associate with Russia attempted to sow discord by engaging in conversations about social issues, like race and civil rights.

CNN said it worked with two Clemson University professors to track and uncover the Ghanian operation, which they described as straight out of the Russian playbook. The trolls were closely engaged in the Black Lives Matter community, said researcher Darren Linvill. They talked almost exclusively about what was happening on the streets of the United States and not on the streets of Africa.

A team of researchers from network analysis firm Graphika, along with the Clemson professors, discovered a new tactic being used by the Ghana-based troll network: it used a mix of real people and groups to spread the disinformation, rather than just setting up fake accounts. Many of the real people believed they were supporting EBLA, the dubious NGO, and helped amplify the troll networks messaging, according to the Post.

Most of these accounts were real people, which is the best way to hide your disinformation. You just connect it to an actual human, Linvill told the Post. You have to go three steps to figure out these real people were being paid by Russia.

Read the original:

Facebook and Twitter suspend Russian trolls trying to stoke US race tensions - The Verge

Some content moderators working at Facebook offices in Dublin are not being allowed to work remotely during the coronavirus crisis due to the sensitive nature of the work they are reviewing.

The social media giant has confirmed that while it is encouraging as many employees and contractors as possible to work from home, some are restricted from doing so currently.

Facebook has said some of the work that content reviewers are engaged in must be done from the office for safety, privacy and legal reasons. However, it said that it is exploring work from home options on a temporary basis for moderators engaged in work that falls outside of these categories and has already enabled it in some of its locations.

The news comes as some moderators working contracted to work for Facebook through Dublin-listed recruitment company CPL said requests to work remotely had not been met.

The Irish Times reported last week that Facebook had temporarily split a number of teams of subcontracted moderators from Accenture and CPL to other offices in the city to minimise the potential impact of Covid-19 on its operations.

Facebook employs thousands of moderators through agencies to review graphic material posted on its various platforms, with many of them based in Dublin.

For those full-time employees and contract workers whose work cannot be done from home we have taken steps to ensure their health and safety by limiting social contact in the office and conducting regular deep cleaning, a Facebook spokeswoman told The Irish Times.

Twitter didnt confirm if content moderators were restricted from working from home. On Wednesday last, the company announced mandatory remote working for all employees after previously strongly encouraging people to work from home where possible.

Google, which owns YouTube, did not respond to a request for comment in time for publication. However, the company is believed to be working extensively to ensure workers that have to be in the workplace are sufficiently spread out.

See original here:

Coronavirus: Facebook moderators must work in the office for now - The Irish Times

Like other tech firms scrambling in the face of theCovid-19 pandemic, Facebook is encouraging staff worldwide to work from home, part of a so-called social distancing strategy to slow the new coronaviruss spread. But some in the social networks army of contract workers, already often treated like second-class employees, have complained that they have no such luxury and are being asked to choose between their jobs and their health.

Discussions from Facebooks internal employee forum reviewed by The Intercept reveal a state of confusion, fear, and resentment, with many precariously employed hourly contract workers stating that, contrary to statements to them from Facebook, they are barred by their actual employers from working from home, despite the technical feasibility and clear public health benefits of doing so.

The discussions focus on Facebook contractors employed by Accenture and WiPro at facilities in Austin, Texas, and Mountain View, California,including at least two Facebook offices. (In Mountain View,a local state of emergency has already been declared over the coronavirus.) The Intercept has seen posts from at least six contractors complaining about not being able to work from home and communicated with two more contractors directly about the matter. One Accenture employee told The Intercept that their entire team of over 20 contractors had been told that they were not permitted to work from home to avoid infection.

A Facebook spokesperson told The Intercept that for both our full-time employees and contingent workforce there is some work that cannot be done from homefor content reviewers, some of this work must be done from the office for safety, privacy and legal reasons, adding that were exploring work from home options on a temporary basis, and have already enabled it in some locations. The spokesperson added that Facebook is taking additional steps to limit contact for those in the office, like physically spreading people out, limiting in-person meetings, eliminating social visitors, making changes to food service, increasing office cleaning and encouraging people who dont need to be in the office to stay home.

In some cases, workers said theyve been told that the only way they can stay home is by using the finite paid time off days theyre allotted each year.

Most people here are sick, coughing, and sneezing. The office ran out of Clorox wipes.

Despite guidance from Facebook, reads one contractor post, contractors are being asked to come into the Mountain View office to work, unless they have been diagnosed with SARS-CoV-2. This employee added that We are being told that if we choose not to come in, whether it be for health concerns or out of an abundance of caution, that we will have to use PTO, and its unclear if our absence is going to be counted against us.

Some of the contract workers in question are moderators, tasked with reviewing the most graphic and traumatizing content across Facebooks apps. Large tech companies have for decades relied on two distinct tiers of workers: full-time employees lavished with generous pay and perks, and contractors with far fewer benefits who, like many American workers, can count on little job security even as they are pinched by rising housing and health care costs. Decisions about who is allowed to work from home underscores this divide: While Facebook has said it will allow anyone whose job allows them to do so to voluntarily work remotely through at least April 10, posters in the employee forum said that Facebook contracting vendors are enforcing very different policies.

According to a post from an Austin Facebook contractor, Accenture is only sending home people who exhibit flu like symptoms in the work place.' This contractor added that they just saw 3 people get sent home and were all still in the office trying to focus on our work like cross contamination doesnt exist for 14 days prior to symptoms showing upAt this point, Im at a loss.

These contractors said the information theyve received from both Facebook and Accenture is confusing and contradictory. A post from a Facebook employee who manages Accenture staff said that During this time period caused by Covid-19, if any contingent worker falls ill and needs to take time to recover, they do not need to use their sick or PTO time. But Accenture employees said in the forum that this is not the case: This is not what Ive been told, replied one contractor. Ive been informed by [Accenture] that contingent workers can choose either unpaid sick leave or use PTO. They are not, however, allowed to have paid sick leave.

Posts from an Accenture manager seem to confirm this policy contradiction: The current state for PTO has not changed from whats has [sic] previously put out by your team leads, reads one internal post. After another contractor asked this manager why working from home wasnt an option, they explained that Currently [Facebook] does not allow us to work from home. This is due to the content we review. That is the current state. Will it change? Im not sure but will continue to keep you informed.

I have a chronic respiratory disease, wrote another Accenture contractor, and while my team lead has been supportive, [there] hasnt been guidance on what Im supposed to do now that Ive run out of PTO. I am going in tomorrow because Im not sure what to do at this point. A co-worker added that Accentures human resources staff had asked anyone requesting sick leave to provide a note from any immunocompromised family members to show that we have a legitimate concern. This all seems quite unreal.

Most people here are sick, coughing, and sneezing, wrote a Facebook contractor in Mountain View. The office ran out of Clorox wipes and hand sanitizers, there are no masks or thermometer. At this office, the disparity between Facebooks full-time employees and their hourly support staff is particularly galling: Some employees who work in the same building got paid 2 weeks of staying home! So how is that fair? Why their lives matter more than others? Why some of us have to choose between risking their work or their health?

Neither Accenture nor WiPro could immediately comment. After The Intercept contacted Facebook, sources said the company deleted at least once lengthy thread on the PTO grievances, with one Facebook employee saying in the online workplace forum that the deleted post contained false and misleading information about COVID-19 that was causing unnecessary panic for some people working in the [Mountain View] office. This employee added that going forward, the company will remove any posts or comment about COVID-19 flagged to us that contains misinformation.

Updated: Thursday, March 12, 4:54 pm PT

This article was updated to include a statement from a Facebook spokesperson.

Read more here:

Facebook Contractors Forced to Work in Office Despite Coronavirus Threat - The Intercept