Implants and Extractions (part II)

Implants and Extractions (part II)

In Part One I described two bogus websites that were using a variety of tricks to game both the audience and the advertisers. I showed some fake/stolen profiles that were being used to seed links, memes and to control a group with a large audience and a narrow focus. I showed an admin team of nine that had somehow positioned itself to take over a group 88,000 strong.  All that together has a name now, it’s called “Coordinated inauthentic behavior.”

It was Coordinated inauthentic behavior coupled with Facebook’s ceasing followup reports on reported profiles last year that inspired me to start keeping spreadsheets to understand what was going on. Only because of my own records do I know that two of the seven profiles named Muhammad Adnan Farooqi were deleted.
img_3438

This is also how I discovered- today- that Facebook got really close to blowing this wide open. (I turned the spreadsheet sideways just because it’s so big, and I don’t expect it to be legible.)  That grey block all the way in the lower left corner… those are the pages and groups. There were 23 that I found tied together in some way..  Today I discovered that three of the pages were recently deleted and one of the groups was returned to it’s original owner!  I’d really like to get her side of the story.
(Those three grey bars on the left- those are the deleted pages) So at this moment, there are five pages and twelve groups that I know of that are being run by this network of click-baiters from Pakistan.

That one bright red line in the grey block- that is this page. Red is the color I mark things that are unusual or alarming.  I was so excited when Facebook finally rolled out the info & ads tab.  But I guess most people don’t even know it’s there.

getsmartyvote2020

Back to the spreadsheet, that block of pastel green- those are the profiles of Muhammad Adnand Farooqi, two with their URL in grey are gone now… oh- and I found a new one, so he’s back up to six active profiles. The sienna color, that is Zahida… she has three profiles.

getsmartyspreadsheet Each of the 8 colors represents one of 8 names that is repeated. (eight names- 35 profiles)  Many other profiles are not repeated and are just colored grey.  Each black bar is the title of a group with it’s administration listed below.  You can see the eight colors scattered throughout.  That’s the coordination.

getsmartyzahida1getsmartyzahida2getsmartyzahida3

Obviously, not all of these photos are the same person, so it is fair and responsible to warn that any of these photos may be of innocent people whose pictures were stolen just like the Facebook accounts. The URL names don’t match either.

If you have heard people mocking “Coordinated inauthentic behavior” or acting as if this was some sort of made up excuse for what they deem to be “censorship”, please share my blog with them and show them that this is very real,  and it’s not uncommon.  There can be a variety of motivations and it can come from inside or outside our borders. I feel sad to think that once this is published, that Facebook will swiftly make it all vanish and the opportunity to learn from it will be lost.

Hopefully the groups will be returned to their original owners, and those people will be given information about what happened and tools to evaluate their group membership and make sure that this doesn’t happen again. Perhaps professionals from Facebook could work with them to carefully comb through these vulnerable groups to be sure that they are not full of sleeper profiles ready to pick up where they left off.

Since the IRA debacle- how many pages has Facebook removed without even naming, only mentioning them as a count and maybe a country of origin or country of target? How are we to learn?
Here are screenshots I took in March of the three pages that are now gone.
106,133 people liked these pages.
Maybe some were the same person liking more than one page.
Maybe half were fake likes purchased to shoot the page up in the search results.
Maybe some were automated cyborg amplifiers who were programmed with a core list of conservative page likes to share from to build a convincing red white and blue timeline. What concerns me is that not a single one of these people is going to be told that these pages were pumping content into American filter bubbles from Pakistan.

This slideshow requires JavaScript.


If you added the page likes and group members of the whole network together… there’s 500,000 people who SHOULD be told that they were involved with a foreign network that was actively pitting Americans against other Americans.  This might be a rare time when the thought of bots might be a little consoling.  Maybe it’s not really 500,000 red blooded Americans who were so blind and easily manipulated. Maybe there were only 200,000 real people and the rest were just bots pretending to be housewives from Texas. OK, maybe that’s not so comforting.

Diamond and Silk Fan Page (group) – 88,710 members

Conservative Voters 2020 (group) -36,636 members

Trump Fans (group) – 22,814 members


Sarah Huckabee Sanders Fans (group) – 12,076 members

Sarah Huckabee Supporters (group) – 7639 members

Conservative Values Across America (group) – 27,363 members

We Are Conservatives (group) – 40,273 members

Vote Trump 2020 (group) – 18,290 members


Judge jeanine Fans Group – 8981 members

Judge Jeanine Fans Supporters (group) – 5275 members

Tomi Lahren Fans (group) 26,699 members

Ivanka Trump (group) – 106 members

Ivanka Trump Fans (page) – 11,414 likes
gssIvankaFansPage

Judge Jeanine Fans (page) – 88,684 likes

gssJudgePage
2020 Make American Great Again (page) –  2358 likes

gss2020maga
Trump Train 2020 (page) – 117 likes

gsstrumptrain2020

Sarah huckabee sanders fans (page) – 18,492

gssSHSFans.jpg
Daniyal Political News (page) – 548 … this page hosts memes seeded into other groups.

gssDPN.jpg

Here is a word to keep close to your heart- “resilience” if you combine it with “propaganda” it makes a powerful search query.

Who could miss these admin teams and the posts they pushed out?

Few will have the chance to pick through and examine what happened. How were those profiles taken from their owners and the groups taken from their founders? Few will see  the comments left by all the people who fell for the bait, or how quickly the commenting from a “mainstream” audience plummets without the guiding oversight of an invested moderating team.

These blog posts, for the most part are about the network who played this audience… but for me- my nerves were tested, not by what they did- but by the audience- their comments and attitudes. The tenor of their daily discourse. I can’t articulate what I have been exposed to. I can’t even write a conclusion at the end of this, it’s just going to end abruptly with all the other words unspoken.

The lists that Facebook would show you today of the names of your friends and relatives already in the group to entice you to join… tomorrow, if a group is deleted, not even the members will have any tangible evidence that it ever even existed or that they were a part of it. There will be no debriefing. Odds are they will never know.  They will never suffer a knock to their confidence of consumption… even after a massive recall.

contentunavailable

Maybe there will be some “Content Unavailable posts” knocking around, with just a few hints about what might have been there from the quips in the comments. Do people even know that those unavailable notices, sometimes caused by privacy settings… but more typically, when they are found in group postings, having collected comments- those are the shadows of bogus problematic pages that aren’t there anymore.  If you go in a group and scroll back in time and you see those rattly remnants, that is a clue… like syringes on a sidewalk… a street-smart person would use to evaluate the place where they are.

This is not the only network of its kind.  Don’t think that when this blows over it’s done.  People, we need to be vigilant.  We have to do so much better than this.

If you would like to learn more about detecting inauthentic behavior, my Facebook page Exploiting the Niche has some notes and videos as well as many posts that are examples.

Cover photo by Samuel Zeller

 

Extractions and Implants (Part I)

Extractions and Implants (Part I)

Update: 2 days since publishing…
I worked really hard on this. I thought it was going to make some waves.
Did my blogpost get eclipsed by a photo of a black hole?  maybe.

More likely I just had some bad luck surfacing when I thought sharing was going to be a sure thing. In the 2 days since this published, not only did this not get the traffic I anticipated- of the visitors I did have..
(THANK YOU! I know this is not light reading)
..only 1 out of 5 even clicked through to the part of the story that really matters! 

blogwoes
sad stats


If you don’t have time…

please just jump to part II and scroll through the pictures  

(The pictures are important! I made these screenshots for you!) 
 About 500,000 American Facebook users are being served political content from Pakistan who don’t know it.  I’m asking you to help me get the word out. 

JUMP TO PART II


Part I:
These ads were placed on a website called Getsmarty.site by Google Adsense.
Almost all of the ads I saw when I visited the site were for dental products and dental practices in my region. Obviously some regional targeting was at play, but I am not in the market for a new dentist.

This slideshow requires JavaScript.

This slideshow requires JavaScript.

Look closer at the website and you may begin to understand how the ads were targeted to a person visiting the site, it seems clear the reader is doing some research about getting some dental work done… right?

http://getsmarty.site/dental-implant-procedure-cost/
http://getsmarty.site/best-dental-implant-surgery/
http://getsmarty.site/dental-implant-complete-procedure/
http://getsmarty.site/dental-implant-procedure-and-restoration/
http://getsmarty.site/grafting-for-dental-implant/
http://getsmarty.site/risk-factor-in-dental-implant/
http://getsmarty.site/replacing-teeth-procedure/
http://getsmarty.site/dental-treatment-consult/
http://getsmarty.site/teeth-implant-recovery-timeline/
http://getsmarty.site/dental-cosmetic-related-compilation/
http://getsmarty.site/dental-implant-procedure-steps/
http://getsmarty.site/dental-implant-placement/

I wonder if dental implants are expensive? If a person reading articles about the cost and recovery time is going to spend a lot of money by the time it’s all over, and that dental practices would pay quite a bit to outbid their competitors in order to gain a new client? I don’t know that much about the going rate of dental ads on mobile. I don’t know that much about the cost of dental implants either. I guess I could read one of the articles.
I’ll take the first one off the top of that list:

“When people are searching and thinking about the cost that involved in dental The fastens are typically left set up for around seven to ten days. After this time and doing complete procedure while it would not be easy span the gum tissue dental specialist opening has been finished, the dental specialist will proceed with the boring procedure utilizing a lot of bits, every one of which has a somewhat bigger width.”

Clear as mud right? There are three paragraphs of that. I still have no idea how much dental implants cost.
And there is also some of this:



That bizarre article about Nancy Pelosi falling down drunk and being escorted out of the white house- is not my screenshot of the website. On Getsmarty it’s actually two photos of formatted text. So the dental text on the website is searchable, but the Nancy Pelosi story is hidden to the prying eyes of a crawler as a .png file. The dental implant word salad only appears after the dear reader has had all the satire go right over their head and has had their outrage fix anyway.

The Pelosi story was copied from BustaTroll.org and has been debunked by Maarten Schenk of LeadStories.
The number of levels of fakery going of here is truly stunning.

This is the photo, which is the preview image for the story which actually seems to be titled, “Time to out”

The audience who is who is falling for this seems to have very poor reading habits, if they read the articles at all. They seem to share and comment freely, but I never see comments inquiring about the dental text. There are many digital literacy cues that are overlooked in order for these articles to be taken seriously. When Getsmarty.site articles are returned in a Facebook search, some of the dental text and other bits of random weirdness shows up in the captions.

getsmartyarticlesonFB.png

If a person shares a Getsmarty.site article on Facebook, the unusual dental URL of the article may show:

getsmartysharelink.png

Hold on to your teeth because it’s going to continue to get stranger from here.
Let’s look at a Getsmarty.site share into a group, the Diamond and Silk Fan Page.
Note: despite the name, this is not a page, it’s a group.

getsmartydiamondandsilksmallest

Just to cut down on the number of screenshots I have to make, in the above screenshot I have pointed out how a person can look to see the administration team of their group.
I have to do this because it seems many people don’t know how.

This group has 88,717 members and 9 administrators.
What I want to know is: Why, out of 88,717 people, more people haven’t looked at this and seen a problem?
I don’t have a problem with people named Muhammad or people who don’t have their language set to English… but when your group is based on American politics, considering the current climate and well publicized issues of foreign interference- I would think that some people inside this group would notice something was off and raise the alarm.

getsmartydiamondandsilkadmins

Maybe you noticed that the Muhammad Adnan Farooqi who made the post doesn’t have the same profile picture as the one in the administration. Well. There are a bunch of them. There were seven, but Facebook deleted two of them sometime in the past month. Then I found another one last night. Now there are at least six.

It is always so annoying to me when Facebook is so close to something big and it slips right past.

maf1maf2maf3maf5maf4maf6

Now that we know who the group administrators are, maybe we can do a better job of recognizing when they put posts into the group. Maybe.

viraltictocZahida

Are you kidding me!… I’m sitting here trying to figure out how I am going to wrap this up with the big reveal…and Zahida here has to share a link to Viraltiktok.com… this is brand new! When I had last looked Techspros.com was the network’s old website and Getsmarty was the new and active one. It looks like Getsmarty may be aging out so they have introduced Viraltiktok.com to keep things fresh… let’s see what is going on.

viraltictoceyeads
Oh my eyes. Can you read this? The design and concept are identical to Getsmarty.site. except now the URL is talking about lasik eye surgery. The political outrage article is a photo of text and the medical word salad follows just like at Getsmarty.
The Viraltiktok article is tagged: eye surgery, eye surgery cost, lasik eye surgery and you can see it has successfully scooped up some vision advertising.

“Eye treatment would be now not easy and also treatment an when it goes to surgery it enough to enable the specialist to securely make a clean corneal fold of fitting profundity.
Are influenced by one of the normal kinds of vision issues or refractive mistake and they are doing some the things that not easy and nearsightedness (partial blindness), astigmatism (obscured vision brought about by a sporadic formed and can nothing be done easily and nothing be done frequently effortless methodology,in cases and eye treatment and for most of patients, the medical procedure improves vision and decreases the requirement for restorative Nonetheless.”

HiddenTagssmaller

I’m including Facebooking basics here because people either don’t know how to do this stuff or don’t believe that it is important. I guess there is a sense of safety in numbers, that when you are in a group with 88,717 members, you trust that if something was up, people would be talking about it. But clearly that’s not the case.

If you notice someone posting website links or memes from pages, try searching the group for their name an see if their behavior seems unnatural. Of course people who own pages will promote them, but if they use fake profiles to do it- that is deceptive astroturfing or spam.

getsmartydiamondandsilkzahida

You can search the group for the website or page name and see who else shares it.

getsmartyseeder.png

Sharmeen is a new to me. I started a spreadsheet on this network on March 14, 2019 and listed all the profiles who were admins of groups, managers of pages and seeders of links. There are about 80 profiles involved. I didn’t see Sharmeen until today.

When I visit Sharmeen’s profile home… I notice something. Do you see it?
Sharmeen Maqbool is operating an account that was stolen from an American woman.
This isn’t the only one of these I have found, one of the Muhammad Adnan Farooqi accounts was also stolen from an American. Other accounts have mismatched names with the profile URL and may have been stolen from people in other countries.

sharmeentiffanyprofile.png

This “Sharmeen” account is using a hijacked American profile to seed both memes and links into the group. How do you feel about a foreign player using a stolen American account to put such volatile divisive content into the American traffic stream through a Diamond and Silk Fan group?

If they would steal American profiles to game the system… what else would they do?
Well… this is a little tricky, it’s so strange how Facebook gives different information depending on what country you are in, or how you are viewing the page (like I would never be able to see the URL on Sharmeen’s account from my phone unless I copied the profile link and pasted it somewhere- and yes- I do that all the time!) the act of copying the profile link does not show the link to me from the mobile Facebook app- it just says “Profile Link Copied”

OK, so here is another inconsistency. Earlier we got a view of the administration of the Diamond and Silk Fan Page- that was a screenshot of my desktop view. The mobile app format isn’t much different… but if I view the admin page of the group while logged into Facebook from a MOBILE WEB BROWSER… there is some critical information included!

getsmartydiamondandsilkadminsDATES

In this version of the Admin roster, we can see how long these profiles have been administrators of this group. The group was founded on February 3, 2018 but it is clear that no one from the group’s founding or first year running is still running the group.
How did these Pakistani profiles get control of an American group with amost 100,000 members? Where are the original admins and how did no one notice when this takeover happened?

In part two we’ll look at the pages and groups this network is using to play American outrage traffic.

Cover photo by Samuel Zeller

The DeepRabbitHole

The DeepRabbitHole
Photo by Tony Stoddard

If you arrived here by a link, You can read part of this investigation here.

Over the couple of years that I have been sniffing around in this field of tricky players I have worked hard to learn some OSINT techniques. (OSINT = Open Source Intelligence.) That means finding the information that is publicly available, but maybe hidden in plain sight where no one has looked. While technical skills would be an advantage, my strong points are curiosity and observation. My approach is like Colombo crossed with McGyver.

My mission is to share media literacy information so people can be better equipped when they encounter things like romance scammers, foreign actors and disinformation. When I named my page “Exploiting the Niche” I thought that the term was a common phrase, like “Pushing the Envelope” or “Toeing the line”. It turns out it’s not common enough for me to have assumed. Many people aren’t familiar with how a marketing motivational speaker might use the phrase “Exploiting the Niche” without the slightest sense that maybe that doesn’t make them sound so nice. I thought it was clear that I was going to be talking about people who are doing that, and not that I was doing it myself. WhiteWolfPack is a classic example of someone who is determined to hit a very specific niche market and doesn’t care who they exploit along the way.

It has been a few years since I tried to find the identity of the owner of the WhiteWolfPack website. (Spoiler: I still haven’t) I wondered if maybe I would see something I had missed if I revisited it again since dead-ending back in 2016. One place that I find really helpful to look for information is in comments. Lots of times people have some inside information or context that helps with an investigation. Searching on both Facebook and Twitter I was really excited to see a rumor repeated more than once about a person who was believed to be the owner of WhiteWolfPack. I was excited to think that maybe after all this time, the mystery had been solved. There was even a youtube video linked. As I watched the video my sense of “victory at last” began to fade. I didn’t believe that this woman was associated with the website. When I inquired about how this connection was made, I couldn’t get any answers.

The accused has a wolf sanctuary and spiritual retreat in Arizona. What she is doing with sweat lodge and drum ceremony and all the animal magic of the supernaturally therapeutic wolves… that is a whole ‘nuther rabbithole that is waaaaay outside my lane and scope of my expertise. I’m interested in internet frauds and media literacy. If someone has a physical presence circulating around (in this dimension or another) and is shaking hands with the people who are buying her shtick… I’m out. That’s for tribal members to speak on, not me.

So that leaves me with a balancing act of wanting to explain enough about what I see to rule her out as the owner of WhiteWolfPack, but to not derail this whole blogpost with her specifics. I do want to make it clear that my intent in ruling her out has to do with not coming to the wrong conclusion about WhiteWolfPack, it is not a defense of a white person appropriating sacred ceremony.

Here is what I think happened.

icannWhoIs Domain Registry Search for WhiteWolfPack.com

Look carefully, Do you see it?

Recently I helped out a person who was sure they had found fake news coming from Panama. In that case I understood right away what had happened. It was likely that a publisher from anywhere around the world was using WhoisGuard, one of the largest domain registry services to protect their privacy/identity. A service that acts as a go-between used their address in Panama to register websites for a fee.

I’ll confess it took a full day for this one to dawn on me because the mystical prattle coming from that wolf lady’s Youtube had me so disoriented. What I think happened is that some well meaning person tried to search for information on WhiteWolfPack.com and they saw these results. Not understanding that this Scottsdale Arizona address is the DomainsbyProxy business address and that it’s tied to more than one out of ten websites with a top level domain. That investigator got headed on the wrong track thinking that the owner of WhiteWolfPack is in Arizona. This wolf sanctuary lady was a perfect character who could fit the MO of a person who has enveloped themselves with all the trappings of the Native world, but who appropriates with wanton disregard for the people they hurt along the way….that, and… wolves. I can understand how this could have happened.


Here are some points of disconnect:

  • The sanctuary’s website has a very dated style… you almost expect a midi theme song to play in the background , while WhiteWolfPack’s design has a different aesthetic.
  • The sanctuary’s website is very transparent in the historic domain registry details, something that the WhiteWolf master of secrecy would never allow.
  • The sanctuary page has only FIFTY SIX fans. The automatically generated Facebook page for the sanctuary has 309 likes (people are checking in and sharing pictures from their visit) . The page manager appears in photographs with the wolves and the wolf lady. The page manager is not a false identity, she’s a very real person with connections to the sanctuary. There are scores of photos posted by the public and videos of the wolf lady on youtube, uploaded from multiple sources.
    The White Wolf Facebook page on the other hand, has 443,851 likes and no human faces or names associated with it.
  • The White Wolves of the cover photos of WhiteWolfPack.com are not the resident wolves at the Arizona sanctuary. After watching that woman talk about her wolves and their spiritual healing powers, I can’t imagine that she would ever have the restraint to not highlight those individuals as mystical celebrities at the WhiteWolfPack website if she owned it.
  • This part that really does it for me: The spring thaw in Arizona apparently has caused a lot of flood damage at the sanctuary. They have put out a call for donations on their tiny page. Even if this fund-drive were a con, if you were trying to get donations… and you owned a page with almost half a million likes… wouldn’t you use it? They wouldn’t even need to blow their cover, if they owned WhiteWolfPack.com- They could slip in a story about the sanctuary’s needs in the third person and act as if they were just doing something nice to help wolves. If you had no scruples and had access to an audience half a million strong wouldn’t you target them instead of reaching out to an audience of 56?

OSINT technique for websites with private domains:
Sometimes the Google AdSense or Google analytics codes embedded in the HTML of the webpages themselves will show behind the scenes links between websites.

Step one: right click on the homepage of the website.
Choose “View Page Source” from the menu. (I wish that would cut this whole thing short and pop up a picture of the person doing this, but sadly the page source they mean is HTML code.)

This will cause your computer screen to look
A: Really cool… or
B: Absolutely terrifying
(that’s up to you!)

The shortcut for “find on screen” is CTRL F (hold the Ctrl key as you press F)
that will open a little window where you can type in what you are looking for. Then use the arrows to quickly jump up or down through the HTML document. You will see your search results highlighted.
“ca-pub” are the letters that will precede the unique numeric Google Adsense ID code.

Are you ready for the big reveal?
Copy the Adsense ID code and take it to the website spyonweb.com

This search is looking for all the websites making money with google ads that Google is paying to this one account.

Now we have three websites showing in the Spyonweb search.
This could get interesting!
The Buffy Sainte-Marie blogspot hasn’t been updated since August of 2015.
The I Love Music Blogue hasn’t been updated since Whitney Houston died in February of 2012. I think the notable thing here is that this blog is presented in French language.
The other thing that has the potential to throw us off is that the profile of the person responsible for the iLoveMusicBlogue is “Buffy”

The location on this profile says Canada, and yes, I know they speak French in Canada too… but I’m going to bet that nothing here is true. I’m going to give her the benefit of the doubt and say these blogs are NOT run by Buffy Sainte-Marie. Rather, this webmaster chose a celebrity’s audience (perhaps they are a fan) to exploit. Just like on the WhiteWolfPack.com website, this mystery plagiarist webmaster was getting news alerts from a wide variety of sources all over the web any time someone wrote about Buffy Sainte-Marie and then they would steal the story and republishing it. Although known as a Canadian Musician, the Wikipedia entry on her amazing life and career says Buffy Sainte-Marie lives in Hawaii and has for a long time.

The Buffyblogue (I’m going to call it that now) has a link to a
(BOGUS) Buffy Sainte-Marie FACEBOOK PAGE
This facebook page has a good sized following of 27,106 page likes.
Although the Buffyblogue has not made a new post since August of 2015- the Facebook page continued to be active up to April of 2018, they were reposting older articles from the Buffyblogue archive, That last Facebook post, the Universal Soldier Video was a blogpost pulled from April of 2011.
I think the WhiteWolfPack webmaster has learned that putting dates on the blog articles is problematic if you plan to recycle them for years. I’d be curious to see when they stopped putting dates on their posts.
There are two more interesting connections…

One: The Buffy Facebook Page Info&Ads shows the page has 3 managers from FRANCE.

Two: CrowdTangle shows that the Buffyblogue has had some very dedicated promotion from a Facebook page that some may already be familiar with!
Aboriginal and Tribal Nation News was the primary amplifier of Buffyblogue posts from 2011-2016.

Let’s take a moment to talk about:
(BOGUS) Aboriginal and Tribal Nation News Facebook Page
This page has 317,935 page fans who have fallen for its legit sounding name AND the great quality relevant and stolen Native journalism that WhiteWolfPack serves up. There is no publication “Aboriginal and Tribal Nation News”, online or elsewhere- and if you scroll down their timeline today, all you will find are links to plagiarized articles from WhiteWolfPack until you eventually come to some links to the Buffyblogue. I don’t have time to do that, so if anyone comes across Tribal Nation News sharing any content that does not cycle directly back to their Google Adsense account- please tell me and I’ll take note.

Get in the habit of checking Page Info&Ads…
Look: Tribal Nation News also has a manager team of 3 from FRANCE.

Just like I requested in part I of this- please let’s crowdsource an effort to notify our friends that this page is not a fraud like WhiteWolfPack… this bogus Native News outlet IS WhiteWolfPack. Go to the community tab on the Aboriginal and Tribal Nation News page page and see if any of your friends are following and send them a message.

Same goes for the White Wolf Facebook page
Get your friends away from it! Let’s not be accidentally amplifying this fraud! Here is a screenshot of White Wolf’s page Info&Ads- showing their page managers in the USA and FRANCE.

Same with the BOGUS Buffy Sainte-Marie page.
Warn your friends if they liked it. Be careful- the WhiteWolfPack owned Buffy Facebook page is older and has a larger following than the
legitimate Buffy Sainte-Marie Facebook page.
Yes, the cheating thief has managed to present a Facebook presence that rivals the real Celebrity! That is an outrage!

When I look at the crowdtangle results for Whitewolfpack.com, most of the amplification is from White Wolf Facebook page and the Aboriginal and Tribal Nation News, and they are returning high because of their large audiences, but there are many other pages who are sharing WhiteWolfPack stuff. These pages should also be notified! Be kind and considerate, but there is a certain point where someone’s refusal to acknowledge the harm of stealing from Native journalists becomes a point where I would draw a line. Pages like: Indigenous Life Movement, Oceti Sakowin Camp, Sacred Stone Camp, International Indigenous Youth Council, Standing Rock NoDAPL Image Bank, Wolf Mountain Sanctuary, Walking the Red Road, Frack Free Four Corners, World Indigenous News (WIN)… on and on, there are so many.

Be thorough! Lots of times it’s the small or old projects that have the best OSINT clues. Just in case you might be wondering if I forgot, I didn’t get anything else here, but I did check CrowdTangle to see if anyone was amplifying the IloveMusicBlogue. Nope.

One Note about the Legit Buffy Sainte-Marie facebook page. I am not 100% sure that it belongs to the real Artist… but I have 0% doubt. There is a small amount of merchandising, but hey… that’s fine, even the President of the United States does it. Her posts share a wide variety of sources and she doesn’t steal their content, she amplifies the posts of others- that’s how it is supposed to be done! She also is posting a lot about her recently released authorized biography both on her Blue Check Verified Twitter and her Facebook page and the branding of the social accounts matches. (yes that can be faked by an impostor, but I don’t think that’s all all in question here)

In the end, I think this is going to depend on the supporting structures that this thief uses to do their thing stepping up and doing the right thing. Typically it’s only the authors themselves who have the power to complain, and because WhiteWolfPack spreads their thieving between so many people who may not be in communication with each other, they haven’t pulled together as a unified front.
Facebook
Twitter
Google Adsense
Blogger (also owned by Google)
GoDaddy
Domains by Proxy (owned by GoDaddy)
They all support this anonymous serial plagiarist. It is absurd that, as seen in this 2 minute video presented by Google a steady stream of content creators each has to learn the complex paths and hoops to jump through just to request that their work not be presented to another audience without their permission… why is this allowed to continue for YEARS?

– The End –

With a hat tip to one of my favorite podcasts, If/Then from Slate
I am going to wrap this up and close a whole bunch of tabs… but I’ll leave a few odd and ends here:

This is a nice website that shows the spectrum of plagiarism with graphics and an uncanny block of text. I’m half tempted to see if they took it from WhiteWolfPack.

White Wolf’s Twitter …huh… the last post was on April 21, 2018
That is the exact time that the Buffy Sainte-Marie FB page stopped posting!!! What on Earth happened?

CuteStat report on Whitewolfpack.com

A Canadian senator gets tangled in it on Twitter with a 2018 share of a story written in 2004 and published by WhiteWolfPack on “Wednesday” from here on out. The plagiarism rehash makes the original author look bad too.

The WhiteWolfPack

The WhiteWolfPack

“Chasing With the Horizon” photo by Tahoe Beetschen

Many years ago I tried to do some research into a website that was stealing articles…can’t remember how I came to the conclusion that it was based in France, but my foggy memory thinking it was French stuck. Years went by and I have looked into thousands of other bogus websites since then, but my irritation with this one flagrant plagiarist WhiteWolfPack has not faded.

In Native circles, for the most part people know about this fraud and avoid it. The outliers, people who aren’t super active online, people who aren’t Native, the wannabes and the other New Age hippy types… they enjoy a steady stream of pretty good quality Native, environmental, cultural and wildlife related journalism with beautiful photographs. Superficially it’s a great website- because the web is scoured for all the good stories on certain subjects from a wide variety of publishers. The writing is consistently above average and the photography is top notch… and virtually all of it is stolen.

One thing you can do:
From time to time I’ll be reminded of WhiteWolfPack and go on a tear. I pick some articles, copy some text and search the web looking for the original article (which usually returns lower in the search results than WhiteWolfPack’s plagiarized copy) Then I take note of the author’s name, the publisher and if the photographs were taken from yet another source- I’ll do a reverse image search to try to find out the photographer’s name as well. I’ll compose a tweet to let the people know about the article on the WhiteWolfPack website so they can file a takedown notice. I figure even if the authors don’t follow through, or WhiteWolfPack refuses to comply- at least I might be raising awareness about what they do. This wack-a-mole game annoys me so much, people shouldn’t have to take time out of their day to politely ask a thief to give something back, especially after most of the value has already been extracted.
There are many links in the chain that allow this to go on, including the big platforms who allow the stolen content to be disseminated, the ad-servers who monetize the website, the domain host and privacy registry. All of these other entities are enablers and are shielding a thief from accountability and having to stand responsible for their actions.

img_2928

Some people don’t understand the problem. They think that as long as the word gets out, that’s all that matters. I guess these people never bought a camera, or a laptop, or a plane ticket to some location to cover a story. I think they have no idea that journalism is a profession… that the journalist’s education cost money too, as does every other element of day to day life. They don’t understand that in order for good journalism to exist, journalism needs to be supported. I think most of them don’t even understand that web traffic converts into money. So they don’t understand that this theft is motivated by greed, and that WhiteWolfPack is not a philanthropic public library curated just for them. If WhiteWolfPack wanted to make a page and share links to people’s stories… and amplified their work to a giant audience- what a wonderful thing that would be! But that is not what they are doing.

Here is a post from Jacqueline Keeler about an article WhiteWolfPack stole from her.

Something you can do:
These page fans, they say they care about Native People, yet they’re supporting a fraud who steals from them.
443,840 people… that’s how many followers the White Wolf Facebook page has!
If you go to the White Wolf Facebook Page while logged in to Facebook- you can see if any of your own friends are following the page by clicking the “community” tab. From there, click > SEE ALL …a window pops up- it should show all your friends who liked the page and there is a handy shortcut to a messenger conversation with each of them. Encourage them to unlike the page and spread the word.

Another thing you can do:
When you see a WhiteWolfPack link shared: find the original article and offer that link in the comments. Explain that the article was stolen and to please support the author by sharing the original publishing. Be sure to not criticize the story which has been taken from it’s context with the date erased. …And no, sticking a teeny hyperlink all the way at the end of the article that says “credit” is not a free pass to take whatever you want. If someone stole a purse and then wrote the original owner’s name on it in tiny letters… would it not be stolen? I have clicked a bunch of those “credits” and most don’t even go to the original article!
Ask administrators of groups to make a policy to not allow WhiteWolfPack links to be shared. You can use the “search within group” function to see if the links are going into any of your groups- usually there are a handful of steadfast WhiteWolfPack fans who are responsible for almost all of the shares.
Would you shop in a store if you knew all the merchandise was stolen? This is no different.

One more thing you can do:
Search Facebook for posts about “WhiteWolfPack” and see what posts you find. There are many people who have been working to expose this and you could amplify their posts, or maybe you will find friends who shared from the bogus website. Pay attention to timestamps and try to stick to just the most recent.
Sarah Sunshine wrote this great post back in January

This is what the website looks like after an article is removed.
0e1a881d-ee4e-4df5-5216-85d5e0287be9


Thank You for reading this far…you can stop now if you want but this isn’t the end of the story.
Now it’s time for the nitty gritty stuff.  I’ll update as soon as I can.

Part II is up!

The DeepRabbitHole


Beautiful Nature

Beautiful Nature

Back in early May, I noticed a new post format appear in the ever evolving arena of gaming Facebook’s algorithm. This was coming almost a year after the “still image presented as a video” trick pissed everyone off: plain memes saved as .vid files wedging a briefcase in the closing doors of the video content express train. Never mind that we didn’t get an answer about why video content was given an express train in the first place.

Craig Silverman wrote about these back in July of 2017… and if you read the article, (it’s fun!)… you’d find out that an anonymous source at Facebook denied to Buzzfeed that the video content express train is a thing. Apparently it’s all our fault.

The still meme video asshattery was checked and suppressed by Facebook soon enough. That era of sport seamlessly morphed into the “moving filaments and sparkles over the still meme”- which pissed people off even more than the original cheat. Sorta like a blow-up-doll would, motionlessly mouthing “Loser” at you from the passenger seat of a speeding car in the HOV lane while you are stuck in bumper to bumper traffic. (I only say that as a deeply resentful page manager who, on principle, refuses to employ the cheap tactics my page is dedicated to exposing.) Before the suppression of stage two could even be noticed by the average user, the tactic evolved once again.

This time the posts contained several elements, a mix of file types, both video and still. There were two versions of this- One, I call the tiled meme: a still meme image that is cut in half horizontally.  The top half of the meme is presented as a still video, perhaps with music. The bottom half of the meme is posted as a jpg. When displayed in a single post- the two pieces line up like tiles with a thin line of grout between them.

paintbynumber

I know. That’s a paint by number. No comment.

This format is popular with a few of the fake Native American pages. I was seeing it a lot. It was being used not just to get some extra surfacing, it was also being used to spread a lot of fake garbage- like this grammar trainwreck hoax about Willie Nelson being ill:

williw

I also wrote this post about a Glen Douglas image being used as Birthday Bait: (and more birthday bait)  I also want to point out that these examples of homogeneous garbage tile meme content were pulled from three different pages, Proud to be Native America, We are Native American and Native American Proud.  None are Native American owned pages.

glendouglas

The tiled meme trick has some pitfalls, the individual elements sometimes collect their own sets of comments and can also be inadvertently shared alone- destroying the unity of the tiled post format.

toptile

There was even a format backlash page created on May 25, 2018  called “Meme Repair and Quality Memes” The page could be the next best thing since unsliced bread.

The other style of mixed file format that I noticed in Early May is a video and usually three photos which are stills pulled from the video.  The effect is redundant to say the least- but packing four elements into one post must have had some beneficial effect as I saw many pages using it. I posted about it on May 12.

 

The week before I had made a spreadsheet in an attempt to get a handle on the size of the network behind these “Beautiful Nature” pages, and as I dug deeper into the tightly woven tangle, it was clear there was no end in sight.  I eventually set a goal of listing 250 of them.  The pages, like the content within them, were mass produced and formulaic. Some pages I entered in the sheet got the notation “more to mine”- that simply meant that I suspected that page would lead to yet another branch of networking but that I was trying to stay on the path I was already  following.

Some people are confused when I include Kitten content in the list of abuses I warn people about.  They seem to think that Fake News and partisian politics are where the corruption and abuse of the platform is taking place. I say when it comes to profit motivated players- the content is just the vector- what it actually is, that’s irrelevant. Learning to recognize the tactics is how you avoid the abuses.  You can fact check Honey Pot Times stories till Snopes lists you as a benefactor- but as long as you keep going back for more of the same garbage from the same source with the same motivation pumping out the content- you are vulnerable to being suckered and you are supporting an abusive system that is spiraling downward.  If people can’t recognize the abusive lie at the source, when a sick child’s picture is used as pray-bait- I can’t expect that they would recognize when a misquoted politician’s photo is being used as rage-bait.  I had hoped that puppies and sunset content might be a less volatile subject to try to use as an education tool, because it is impossible to approach bogus politically divisive memes without being dismissed by the identity signalling sharer as merely supporting the “other side”.

What could possibly be wrong with “Beautiful Nature”? and why would I spend time documenting a network of serial sunset and hummingbird spammers?

1. The post format I had noticed was an obvious trick for surfacing.  The importance of the content was not balanced with the force of the machine promoting it.  This incongruity is a clear sign that there is something else at play.  No one could reasonably think that it is so important to pull out all the surfacing stops that as many people as possible see and set their sights on an infinity swimming pool photo when the page isn’t even selling a room at the resort.

2. The network was doing what I call “cross amplification” They were sharing posts from one large page into many other large pages.  Obviously the network was in possession   of the raw content (I’m not saying they OWN it… I’m just saying they have it) they could just upload the content on as many pages as they want and this would produce cleaner posts- but by sharing a post from one page- to 30 different pages *they also own* that specific shared post could gain cumulative engagement power rather than each post having to start from square one to build its momentum.  Most people don’t think about these things when they see a page share a post from another page.  But this network was so abusive in it’s off topic cross amplification- some people were leaving bad reviews and seemed confused by the lack of focus. The reason why they were confused is that they weren’t comprehending that all the pages were coming from the same engagement mill.

3.  I can’t even call it a content farm/ content mill- as it appeared to me that all of the content was stolen and used without attribution.  This, more than any other thing, is the “crime” that makes the network the work of truly bad actors.  The whole network is built on the foundation of stolen property.  In the population of low-grade content consumers there seems to be a lot of confusion about copyright, with many believing that once something is posted online you no longer have control over who uses it.  That may be true, but it does not mean that copyright does not exist. Facebook does such a piss poor job protecting the creators of the elements of photography, video and writing that are the essential components of “content” that a general attitude has been fostered that it’s perfectly legitimate to take and reuse what you find just laying around on the internet.  A surprising number of people are unable to grasp the distinction between taking someone’s content and sharing it. Facebook doesn’t simply overlook these crimes against creative people, they have made their blind eye into a lucrative loophole, collecting advertising fees for tee shirts with stolen designs, collecting post boosting fees of freebooted video and monetizing instant articles of plagiarized stories.

If you don’t understand what freebooting is, or why there is any harm in it- here are two youtube videos that do a great job explaining it:
FIX  : Smarter Every Day on Freebooting
Kurzgesagt on Freebooting

In regular practice- pages share on-topic material from multiple sources for the benefit of the interested page audience.  They keep their audience engaged by creating and aggregating relevant content. Sharing posts from a variety of sources builds up community networks and helps out other content producers by putting their stuff in front of more people.  This network did the opposite- it fed their audience a variety of in-network cross amplification content regardless of the theme. The content is severed from it’s source and beret of any important contextual imormation.  People were commenting on photos of Dream Vacation pages asking, “Where is this?” and of course not getting an answer from the automated content factory that was merely scraping someone’s Pinterest for linkless uncaptioned unattributed photos.

Feel free to skip to the end if you want to get to the spreadsheet, I have to do an aside:

Let’s talk about Simplemost.  This is an American content mill owned by the E.W. Scripps company based in Cincinnati Ohio.  Scripps is an old newspaper and broadcasting company behind many local and national stations.
You may be see some familiar logos in this dramatic nationwide map.

Simplemost, in their own words: “The goal of Simplemost is to provide women with the news that can impact their lives, along with ideas and tips to help make things just a little easier.”

OK- I’ll just set the obvious insult to my entire being aside for this blogpost as it’s getting pretty long already… but I’ll just mutter… “What exactly does being a woman have to do with this?”  …OK… flip-flop sales could be considered news… maybe. Especially if the journalist writes lengthy articles about the sale while maintaining that it’s not an advertisement (fine print: they do maybe get a small kickback from sales) We can know it’s not an ad because there are other ads placed within the “article”… you can’t sell ads inside other people’s ads now can you? that’s all the proof you need.  Getting my women’s news from Simplemost makes me almost as happy as being invited to a Mary Kay party.  The fact that Scripps doesn’t have a parallel content mill for men makes me wonder what that might look like… oh never mind, forget I asked.

If this is sparking your curiosity, Daniel Walters wrote an article for the Inlander about Simplemost content on the Facebook pages of local news stations back in February.

How does Simplemost work?  There are lots of content mills like this, it would be good to begin to recognize them, and to adjust your consumption accordingly.  They have a team who churns out content, and they also take submissions.  The content is sorted into categories.  If you have a place that lacks some content- if you just need a little filler to keep your audience idly present- like elevator music for human eyes… assuming you meet their qualifications (lots of page likes and the ability to generate traffic), you can get an account which allows a page owner to use Simplemost content to stock a page that obviously doesn’t have a reason for existing. I’m sorry I can’t find the link to the Simplemost account requirements today- I read it back in May and it didn’t seem hard to find back then.  It even had specifics like the number of likes your page had to have as well as the expected payout for your traffic.  When a Facebook page doesn’t have anything of their own, or anything stolen from someone else, Simplemost can provide the page curator revenue generating filler. Apparently Simplemost does discourage copyright violators and in Section 12 of their terms of use says that they don’t want to associate with them although I am unsure if that extends to the point of distribution and not just the aquisition of content.

When the audience clicks on the Simplemost content- that makes money for the page owner.  So you see- they can fake out 300,000 people to like a page allegedly about Beautiful Nature, and then slip them a link or twenty about stuff like a reboot of the show “The Nanny” and make money. (note: this screenshot shows a Simplemost instant article, so Facebook is also serving and profiting from targeted ads to the viewer)  Simplemost pays the page for the traffic- advertisers pay Simplemost to show their ads to the visitors (or pays a little kickback when people buy products after reading Simplemost “articles”).  The people who are being sent aimlessly around only pay with their time and digital footprints.  Simplemost content, like the cross amplification I mentioned earlier- carries with it the cumulative weight of the rolling engagement snowball.

nanny

There is another mill called Providr- they are another content source the Beautiful Nature network is using.  Providr is only interested in working with pages with a quarter million likes and up.  My spreadsheet notes some of the pages sharing Simplemost and Providr content- but it may not be a complete listing, if I did not thoroughly scroll through the page posts- I may have missed it.  I may have also not known to note the associations until I was deep into the job, which is now alphabetized.

I saw a lot of Providr content as I was hopscotching through the Beautiful Nature network last night.  The cheap train trip map caught my eye over and over.  So I had to do some backtracking when I saw the Providr train map associated with a website called incrediblenat.com.  This is what Zia Uddin’s incrediblenat.com train-trip article looks like (whoohoo- I  did it! I archived a webpage for a solid link in the future!…Providr’s website wouldn’t let wayback crawl it I guess) The 3 month old website is registered to Abdul Samad in Karachi. This website is featured prominently on the Facebook page “Luxury World” with over 1,100,000 likes.  Does Providr also licence their content for filler on other websites (with faked bylines)? The article posted to Providr’s website on 12/13/17 does not name the author.

Before I get to the Beautiful Nature spreadsheet- I just wanted to mention this other strange little set of at least 12 pages I found, one has been disabled.  I named this set “Pages with long and vulgar names” I remain stunned by my lack of naming imagination in the face of what I now understand could be infinite possibility. These pages all use Simplemost content. Some, like #12- almost exclusively. Other content mills used by these pages include postize.com, providr.com, viralthread.com, and teenmomtalknow.com  I wonder what Simplemost thinks about their brand being the core content of pages like these?

vulgarnames

This example from the Beautiful Nature network, “Wonderful Nature Clicks” I just pulled to show redundant excess- they have posted 15 Simplemost articles in the past five hours. That streak abruptly switches off to cross amplification of network page posts before going back to Simplemost- for a total of about 50 posts in 12 hours.

Here is a strange one- On the page “Stories in Picture” Tina left a negative one star review and two more people chimed in agreeing with her.  Thank goodness some people are paying attention, but what follows… this is just the sort of thing that has me thinking people are asleep at the wheel.  Guillermo posts a five star review using Tina’s negative comment word for word except he adds “excelente page” at the end. How weird.

storyinpicture

Relentlessly curious as I am, I went to Guillermo’s profile to see if he had reviewed anything else and found this on the page WebArt.  (this page was not included in the Beautiful Nature network and only appears connected through Guillermo)

webart

This page “Beautiful Animals Moment” is full of awful reviews that don’t seem to be coming from bots- people are pissed!

“This page does not publish things according to its title, it shows animals been devored, animal suffering and it’s frecuently disgusting.Not animal friendly at all.I don’t want to see anymore.”

“Is this suposed to be funny or is it about animal torture ?
This page is not about beautiful animal moments at all.”

“Horrible, cruel, animal torture videos, this group should be closed down”

So about that…

I made the “Beautiful Nature” spreadsheet back on May 7th and 8th, I made a small post about it on the 12th and then I set it aside.

This week I was working on another spreadsheet- documenting military Romance scam profiles that are using the stolen photos and variations of the name William Galbraith- I feel the need to document reported profiles because Facebook ceased sending feedback reports in late May.  Now there is zero record of reported profiles or feedback about Facebook’s action (or inaction) The reporting process is now a bit like putting notes in a bottle and tossing them into the sea. So hopefully spreadsheets like this (with over 100 same name profiles using photos that should be cataloged in a facial recognition database by now) may force a little bit of accountability and highlight how hollow their PR promises ring when they speak about their fantastic new tech that can detect bad actors.

galbraith

This brought up a conversation with Felicia over at Unfakery who I had worked with on a botnest of autoposting profiles. That strange situation was publicized in a Buzzfeed article.  Felicia said that amazingly, even after all the publicity, the bot accounts were still present on Facebook.

I wondered what was going on with the Beautiful Nature Network.  Pages I had not reported, but merely listed. At the time- due to the effect of surfing hundreds of network pages for hours on end- my own newsfeed was overwhelmed with network shares from my own backstabby hummingbird and rolling fields of lavendar loving friends.  At least from the algorithmic filter I’d created, it seemed as if that network was well on it’s way to total platform domination that week.  So imagine my surprise when I opened my spreadsheet and began to open tabs- that many of the links were broken.  Turns out, precisely 50% of the links I had managed to document were broken: 124 of 249. (as of 6/25/18)   Well that’s interesting.  I must not be the only person who can find banal pretty content problematic.  Facebook was already on the case… but what case were they on?  They took a much bigger bite out of the Beautiful Nature network than they ever did to the Fake Native pages from Kosovo.  What was the violation those removed pages had committed that called for their removal? Big…BIG pages… gone.  For what reason? I could guess- but the part that is confusing to me is that so many pages from the same network proved to be seriously problematic- yet 50% of them remain.

This list is just the tip of the iceberg, it is in no way complete.
Deleted page links are marked with red.
Here is the link to the spreadsheet

Is it really that hard to detect bogus accounts? 

Is it really that hard to detect bogus accounts? 

A tweet by Zeynep Tufekci about the unchecked virality and potential of profiteering from hatemongering on Facebook reminded me of a post I had written back in February of 2017.

img_7902

Many clickbait sites simultaneously ran a story about a muder that had happened in Germany in February of 2016. The story was pushed out with outrage headlines and together had garnered almost 50,000 shares when I counted last February.

Curious if this story was still floating around I searched Facebook for it again. I found a garbage clickbait website with more ads than copy. The page was full of ads, invasive popups and the article had a Spetember 14, 2017 date. Can you even find the article?

img_7892img_7894

The website yourviralstory .com is listed as being registered to a Rafael Joseph Rivera and is hosted by the same IP address as another website, Newsduterte. Com.

img_7900img_7901

The story was placed in a Facebook group called “Hispanics, Latinos, Mexicans for Trump.” by a profile called Budak Xiel Lhanie.

Searching the group for posts by Budak I see that Budak has only posted links to two websites, Yourviralstory and Newsduterte.

img_7897img_7896
Going to Budak’s profile I feel confident that this profile of an alleged Harvard graduate is not legitimate and have no qualms about posting about it critically and publicly.

img_7895
The two following links will open with search results showing the actual posts and groups as your own FB privacy settings allow you to view them.

Of the public groups Budak is a member, three of them are local to the Philippines. Eighteen of them are Donald Trump focused groups and one is for Sean Hannity fans.

Of the public postings Budak has made, all of them link to either Yourviralstory or Newsduterte.

On September 9, 2017 Budak made 32 posts of 11 different articles from Yourviralstory into Donald Trump groups. Budak never posts links to the same story more than three times and Budak almost always posts links to the same story exactly three times. This is likely an adaptation to fly under Facebook’s radar as a spammer. It goes without saying that the introduction text Budak adds with each post is identical each time.

Timestamps also reveal automation:

10:26 AM- 10:40- 11 posts

1:33 PM- 1:40 – 12 posts

3:41 PM – 3:45 – 9 posts

I find it had to believe that Facebook’s machine learning is so simplistic that a cluster posting pattern like this would not register as a problem:

3 3 3 3 3 3 3 3 3 3 2 3

But one like this maybe would (also 32 posts)

1 3 2 1 1 3 2 6 2 3 1 7

I don’t really have more words to summarize this quick and dirty peek at the flood of garbage content on facebook that flows unchecked. There you have it.

While the news is full of concerns about Russian trolls, political ads and collusion there are many other players who are toying with incendiary subjects, not always *fake* news; sometimes real news, misused, tied in a knot, cherry picked and amplified beyond it’s logical place in space and time, possibly for no reason other than simple profit.