

The spread of misinformation on social media platforms has fueled division, stoked violence, and reshaped geopolitics in recent years. Targeted ads have become a major battleground, with bad actors strategically distributing misleading information or ensnaring unassuming users in scams. Facebook has worked to eliminate or redefine certain targeting categories as part of a broader effort to address these threats. But despite warnings from researchers, its ad system still lets anyone target a massive array of populations and groups, including campaigns directed at United States military personnel. Currently categories for major branches include “Army,” “Air Force,” and “National Guard,” along with much narrower categories like “United States Air Force Security Forces.”

At first blush it may seem innocuous that you can target ads at these groups as easily as you can most other organizations. But independent security researcher Andrea Downing says the stakes are much higher should active duty members of the US military, many of whom would likely get caught up in broader Facebook targeting of this sort, face misinformation online that could impact their understanding of world events or expose them to scams.

While Downing hasn't detected such malicious campaigns herself, the interplay between ads and misinformation on Facebook is consistently murky. In the wake of the Capitol riots, for example, researchers at the Tech Transparency Project found that Facebook's systems had shown ads for military equipment like body armor and gun holsters alongside updates on the insurrection and content that promoted election misinformation. Even when lawmakers called on Facebook to halt military equipment ads, and the company agreed to a temporary ban, some ads still seemed to be slipping by.

On September 24, Downing submitted a vulnerability report about her findings through Facebook's bug bounty disclosure portal. Six weeks later, on November 5, a Facebook representative replied to say that the company does not view the finding as a vulnerability.

Facebook told WIRED that it has no record of Downing's original efforts in December 2019 to communicate about her research. A spokesperson added that the company continually reviews the targeting options it offers and assesses how they're being used and that advertisers cannot specifically target an active-duty status. Additionally, all ads on Facebook must comply with the company's advertising policies, which forbid manipulation and abuse. The Department of Defense also offers extensive social media guidelines and recommendations in an effort to keep military members and operations safe.

“Demographic targeting, such as job title and employers, is based on the information people opt to provide in their profile,” the Facebook spokesperson told WIRED. “People can also choose whether this profile information can be used to show them ads based on these categories through our Ad Preferences.”

Downing has seen the cycle repeat multiple times now that Facebook's military ad-targeting categories come and go. Some come back again, and others are replaced with different sub-groups. WIRED has corroborated Downing's observations about these inconsistencies. Facebook did not comment on the explanation for these fluctuations.

After a report by ProPublica in 2017 about anti-Semitic ad-targeting categories, Facebook temporarily removed the ability to target based on categories related to job titles and education. The company revised and restored these mechanisms in 2018.

“There's no incentive for Facebook to fundamentally change the design of ad targeting,” Downing says. “And as we've seen it's 'out of scope' in the cybersecurity disclosure channels that can prevent such a problem.”

Malicious advertising schemes broadly are an active threat across the web. In recent guidance, the United States Cybersecurity and Infrastructure Security Agency warned that malvertising, as it's often known, uses “malicious or hijacked website advertisements to spread malware and is a significant vector for exploitation.” CISA added that, “Adversaries can use carefully crafted and tailored malicious ads as part of a targeted campaign against a specific victim, not just as broad-spectrum attacks.”

These types of tailored campaigns are what Downing had in mind when she also submitted her Facebook findings to the CERT Coordination Center at Carnegie Mellon University in late September. CERT is an organization that helps researchers catalog vulnerabilities and coordinate their public disclosure.
