A report by the security firm Symantec said some of the accounts linked to Russia’s Internet Research Agency dated back as far as 2014 and that the manipulation effort involved a vast effort that included both automated “bots” and manual operations.
“While this propaganda campaign has often been referred to as the work of trolls, the release of the dataset makes it obvious that it was far more than that,” said Gillian Cleary of Symantec’s Security Technology and Response team in a blog post.
“It was planned months in advance and the operators had the resources to create and manage a vast disinformation network. It was a highly professional campaign.”
Twitter said the Symantec analysis was based on its data released to researchers last year of some 10 million tweets.
While the Russian campaign used Facebook and other channels, Twitter’s data availability makes it easier for independent researchers to study these campaigns.
“Our singular focus is to improve the health of the public conversation on our platform, and protecting the integrity of elections is an important aspect of that mission,” a Twitter spokesperson said.
“We’ve made significant strides since 2016 to counter manipulation of our service, which includes our release of data last fall related to previously disclosed activities to enable further independent academic research and investigation.”
According to Symantec, the Twitter campaign was professionally orchestrated with accounts registered well in advance of their use, in many cases masquerading as news outlets or political organizations.
“The operation was carefully planned, with accounts often registered months before they were used — and well in advance of the 2016 US presidential election,” Cleary wrote.
“The average time between account creation and first tweet was 177 days.”
While most accounts were automated, there were signs of manual intervention, such as posting original content or slightly changing the wording of reposted contented, in an attempt to make them appear more authentic and reduce the risk of their deletion, Symantec said.
The campaign sparked real Twitter users to retweet many of the messages, with one generating over six million retweets and some were effective in organizing rallies.
“Despite the fact that the accounts (were) comprised of fake personas and organizations, they nevertheless succeeded in mobilizing people to attend events,” Cleary wrote.
“Besides its online activities, the campaign’s operators also organized rallies supporting positions on both sides of the political spectrum.”