U.S. Law Enforcement Takes Action

U.S. law enforcement seized two website domains connected with an AI-powered social media bot farm linked to the government of Russia, the U.S. Department of Justice (DOJ) announced on Tuesday.

According to the DOJ documents, cybercriminals use generative AI to create fake social media profiles. Many of these profiles claimed to be U.S. citizens and were used to post pro-Russian messages on Twitter.

Disruption-First Strategy

"This is a strong example of the disruption-first strategy that the Department, including the FBI, have taken when it comes to cyber and cyber-enabled threats to national security," a DOJ spokesperson told Decrypt.

"Russia intended to use this bot farm to disseminate AI-generated foreign disinformation," said U.S. Federal Bureau of Investigation (FBI) Director Christopher Wray. The bot farm aimed to undermine U.S. partners in Ukraine and influence geopolitical narratives favorable to the Russian government.

Technical Details

The bot farm allegedly used domains (mlrtr.com and otanmail.com) issued by Arizona-based domain provider Namecheap.

They used private email services to generate random email addresses and create profiles on Twitter, for example, a bot account purported to be a Minneapolis resident who described himself as a "humanist" and included a hashtag for Bitcoin. The bot farm created over 968 Twitter accounts between June 11, 2022, and March 1, 2024.

Expert Insights

For cybersecurity experts, publicly available generative AI models and standardized developer tools are attractive to state-sponsored cybercriminals.

"The combination of generative AI and developer APIs provided by platforms like Telegram, X, and Meta can be hazardous if used maliciously," co-founder and CTO of blockchain security firm Halborn, Steve Walbroehl, told Decrypt via Telegram. He added that Telegram groups composed entirely of AI-driven bots could create false hype and social proof, misleading people and online communities.

Ongoing Efforts

The operation to root out the fake accounts began in June with the filing of two search and seizure warrants from the United States District Court for Arizona. These warrants authorized the search of X Corp's (aka Twitter's) servers and the seizure of Namecheap's domains. Twitter voluntarily suspended the reported accounts, citing violations of its terms of service.

International Collaboration

The operation was conducted with the FBI, Cyber National Mission Force, government partners in Canada and the Netherlands, and social media companies, including Twitter.

"With these actions, the Justice Department has disrupted a Russian-government-backed, AI-enabled propaganda campaign to use a bot farm to spread disinformation in the United States and abroad," Attorney General Merrick B. Garland said in a statement.

"As the Russian government continues to wage its brutal war in Ukraine and threatens democracies around the world, the Justice Department will continue to deploy all of our legal authorities to counter Russian aggression and protect the American people."

Broader Implications

It's not just fake Twitter accounts that promote scams and disinformation. Recently, a rash of cyber attacks targeting legitimate Twitter accounts of prominent entertainers, including musician Doja Cat, actress Sydney Sweeney, and legendary heavy-metal band Metallica, have been used to promote crypto scams.