Karolina Iwańska, Digital Civic Space Advisor at the European Center for Not-for-Profit Law (ECNL), and Fernando Hortal Foronda, Digital Policy Officer at the European Partnership for Democracy (EPD), present their report on the Facebook-Cambridge Analytica scandal.
In the 2010s, millions of Facebook users' personal information was illicitly obtained by the British consulting company Cambridge Analytica, mostly for the purpose of political advertising.
This data was apparently gathered via an app named “This Is Your Digital Life,” developed by scientist Aleksandr Kogan and his company Global Science Research in 2013. The app asked a series of questions to create psychological profiles of its users and, through Facebook's Open Graph platform, also gathered the personal information of those users' Facebook friends.
The app collected data from nearly 87 million Facebook profiles. Cambridge Analytica used this data to support the 2016 presidential campaigns of Ted Cruz and Donald Trump. The corporation was subsequently widely accused of meddling in the Brexit referendum, although the official investigation acknowledged that Cambridge Analytica was not involved "beyond some initial enquiries" and that "no significant breaches" occurred.
Microtargeting is still the most frequently used term in the discussion of political ads in the wake of the Facebook-Cambridge Analytica Scandal, and it is seen as the biggest threat that needs to be addressed.
This was to be expected, given the eye-catching nature of the scandal, with its Brexit referendum backdrop, a charismatic whistleblower and shady players. The threat that Europe faces, however, stems less from political advertisements being targeted by secretive PR firms, political parties, or campaign organizations.
The underrated protagonists of the scandal are the automated delivery systems operated by Facebook or Google: it is these systems, rather than anyone manually selecting targeting criteria, that determine precisely who engages with a specific political ad and why.
The online political advertising market in Europe belongs to two companies: Meta and, to a smaller extent, Google. While they do not promise advertisers access to the personal data of potential voters, these companies offer something of much greater value: delivering the ads directly to the individuals who are most likely to engage with the advertised message.
Deciding who the target audience is falls entirely to the platform rather than the political party, although the party may help select the potential audience in terms of user interests and demographics. It can also upload information gathered elsewhere so that the platform can compare it with individuals already registered and identify "lookalikes", people who are similar to them.
While ad targeting is an important phase, ad budgets for European political campaigns are too small for the message to reach everyone in the selected audience. This is where the ad delivery algorithm comes in.
In this phase, Facebook and Google choose users for whom the advertisement is deemed to be the most "relevant" by the platform. This is decided using forecasts generated by automatic processing of the enormous amounts of personal information that these firms gather about particular users — and those who are similar to them — through pervasive tracking on their platforms and third-party websites.
Compared with ad targeting, the automated delivery of political ads is deemed to be more impactful and more dangerous because of the massive amount of personal data it involves. Ad delivery operations are inherently opaque. Moreover, the platforms' machine learning algorithms look for patterns in behavioral data, which occasionally leads to the processing of sensitive data, such as users' health problems.
In political advertising of this kind, even if parties target and try to reach diverse audiences, platforms are most likely to show ads to users who already agree with the message and support the given party. This creates a filter bubble for users and, consequently, fragments the public space.
Political parties may also be affected: because the platforms push parties' messages only to their supporters, reaching unconvinced or less politically active users requires the party to pay a higher price.
Instead of limiting the involvement of algorithms in political advertising, the European Commission's proposal to regulate political advertisements focused on somewhat reducing the processing of sensitive data and improving the openness of the processing of all personal data.
The text approved by the European Parliament forbids the use of automated ad delivery methods, as well as inferred and observed personal data, in political advertising. This is the required action to safeguard the EU's democratic processes against improper influence, which could come from malicious activities as well as algorithms that have been tuned to benefit big tech's business objectives.
The info-stealing malware Rhadamanthys uses Google advertisements as a means of luring people into downloading malicious software. The malware steals information including email addresses and passwords in addition to focusing on cryptocurrency wallet credentials.
Rhadamanthys is sold to criminals as malware-as-a-service (MaaS), and its utility has multiplied as infostealers become a popular tactic to attack targets.
So far, at least one prominent user on the cryptocurrency scene has fallen prey to the malware campaign. According to the victims, the hackers stole all their digital crypto assets and gained access to their professional and personal accounts.
According to threat researcher Germán Fernández, Rhadamanthys, named after the demigod child of Zeus and Europa in Greek mythology, has been dominating Google advertising for the widely used OBS (Open Broadcasting Tool) platform, a free video recording and streaming service.
Since November 2022, Rhadamanthys’ popularity has been growing rapidly. It has now advanced to a point where, if an online user searches for OBS, they will eventually encounter five malicious ads at the top of their Google search results, before seeing legitimate results below.
After clicking on these advertisement links, a user may download malware alongside legitimate software.
In one such instance, 'Alex', a crypto influencer, better known by his online persona NFT God, was hacked following the download of a fraudulent executable for the OBS video recording and streaming program, through Google’s search results. His life was permanently altered when he mistakenly clicked on the fraudulently sponsored advertisement rather than the genuine one.
“Last night my entire digital livelihood was violated. Every account connected to me both personally and professionally was hacked and used to hurt others. Less importantly, I lost a life changing amount of my net worth,” he tweeted.
According to a report by the security firm Cyble, Rhadamanthys is offered for sale on the dark web and is distributed via spam emails along with Google advertisements.
After a successful intrusion, Rhadamanthys starts by obtaining relevant device data. The data often includes the device's name, model, operating system, OS architecture, hardware details, installed software, IP addresses, and user credentials.
“The Rhadamanthys program is capable of executing certain PowerShell commands[...]It also targets document files, the theft of which (depending on the sensitivity of their data) can cause severe issues for victims,” reads a blog post by cybersecurity firm PCrisk.
In addition to this, the MaaS targets cryptocurrency wallet credentials by attempting to extract cryptowallets’ passwords in order to acquire control of them and their funds.
“In summary, the presence of stealer-type malware like Rhadamanthys on devices can result in serious privacy issues, significant financial losses, and even identity theft,” PCrisk concluded.
Users are advised to avoid the malware by checking the URL, since the malicious links may seem identical to the official OBS site, which delays the victim’s response. The fraudulent URL may contain subtle spelling mistakes, a malicious tactic for creating fake URLs known as typosquatting.
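The URL check described above can be automated before a download is allowed. The following is an added example, not code from the article or from any vendor it cites; it assumes obsproject.com is the official OBS domain (the article does not name it), and the sample URLs in the test use reserved `.example` names constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: obsproject.com is the official OBS domain (not stated in the article).
OFFICIAL = "obsproject.com"

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swapped letters
    return rows[len(a)][len(b)]

def classify_download_url(url: str, official: str = OFFICIAL, max_edits: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unrelated' based on the URL's real host."""
    # urlsplit drops any "user@" prefix, so "official.com@other.host" resolves to other.host.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == official or host.endswith("." + official):
        return "official"
    brand = official.split(".")[0]
    # Naive registrable name: second-to-last label (assumption; no public suffix list).
    labels = host.split(".")
    name = labels[-2] if len(labels) >= 2 else host
    # Misspelled brand, or the exact brand under a different TLD.
    if osa_distance(name, brand) <= max_edits:
        return "lookalike"
    # Brand embedded in a subdomain of someone else's domain.
    if brand in host:
        return "lookalike"
    return "unrelated"
```

Only a result of `official` should be treated as safe to download from; `unrelated` means the host does not imitate the brand, not that it is trustworthy.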