12 comments

[ 3.4 ms ] story [ 16.8 ms ] thread
Does anyone have any idea what the software/hardware stack looks like for an ops like that?

There is also a longer 5 minute video but it's only available in Ukrainian https://www.youtube.com/watch?v=TpqHCrn-f-8

There is nothing really of interest there in audio. Just one bit of information that is kind of obvious: one of the bad guys (? still not sure what exactly are they charged with) discloses that they are paid on a per-registration basis.

(Whatever the police spokesman says at the end of the video I didn't truly care to listen because nothing of any value could be said by these government officials. Source: am Ukrainian.)

This is wild to see. Mainly the amount of sim cards. I hope there's a lot more that comes to light from these social farms.
I really wonder how many there are. The account numbers are high but I would not at all be surprised if the total number of such accounts is in the 10's of millions across the various platforms.
Regardless when you're doing things at this scale you're creating signatures of SOME sort. Surely there's patterns to find in their automations that allow for easier detection in other domains
Just monitoring the local base stations is likely going to give some kind of anomaly telling you roughly where to look. Other indicators: power consumption relative to number of occupants, continuous draw vs fluctuations.
That's highly organized. I'm pretty sure you'll find these in many EU countries. Bulk data SIM sales are pretty easy (typically for internet-of-things usage). Let's see if it causes a measurable drop in Russian propaganda online (maybe even here?). This is the information war equivalent of a behind the lines sabotage group and the people involved should be dealt with accordingly: as enemy combatants out of uniform.

The red SIM cards are from COMVIQ, a Swedish telco, the blue ones are for https://prom.ua/ua/p1306199934-sim-karta-sim.html , a Ukrainian telco.

How satisfying it must have been to quite literally pull the plug on this operation.

It would be really interesting to research which news sites and online forums have a significant decline in comments in the next few days.
Is there any timestamp in the video when it was shot?

Knowing exactly when they pulled the plug might come in handy: accounts that were super active right up to that point and quiet afterwards might be involved. Those could then be flagged.

I hope they got the database with the generated bot accounts to see if any of them were detected by the social networks.
They have the phone numbers now that they have the sims. All of those can be read out and used to deactivate any accounts where the phone number was used to verify the account, and those accounts together can then be used to train a discriminator to spot other such bot farms. The catch rate should jump up considerably.