Google Claims It Knew CfA Ad Buy Didn’t Originate from Russian IRA

NEWS ANALYSIS: Google claims that it knew all along that an advertising purchase by a Washington-based watchdog group wasn’t really from the Russian Internet Research Agency, which is why it didn’t the block divisive ads.

Russian Infrastructure Attack Campaign

A Washington-based watchdog group, the Campaign for Accountability, is reporting that it was able to post a series of ads on Google sites that emulated the activities of Russian trolls. 

The ads used divisive images and wording taken from or inspired by similar ads that ran during the 2016 presidential election and they were purchased using Rubles from an account ostensibly based in Russia. According to the group, Google accepted the ads through its Adwords network and ran most of them, although two were rejected. 

But it turns out that there’s more to the story than just Google versus the Russians. The whole effort was actually run by something called the Google Transparency Project, which has as its lodestar the exposing of unflattering information about Google. The CfA does not reveal who its backers are, but apparently Oracle, a major competitor and courtroom adversary for years, is one of them. 

While Oracle is reported to deny any connection with the ad buying effort, the company has admitted its connection with CfA. 

In an interview in Fortune in 2016, Oracle senior vice president Ken Bluek is quoted as saying that Oracle is “absolutely a contributor” to the Google Transparency Project. It’s role in this case is unclear, although CfA executive director Daniel Stevens told eWEEK that Oracle was not involved in its tests of Google’s ad screening. 

The CfA released a statement announcing the findings of the Google Transparency Project, and put forth its claims that Google’s statements that it’s preventing Russian interference in elections might not be as good as Google claims they are. The CfA released a detailed report on exactly how the GTP went about its tests, with detailed photos and descriptions. Apparently the group spent about $100 to spread the divisive ads around Google and YouTube. 

Google, as you might expect, has cried “foul” and said that the reason it didn’t refuse the ads was because the test wasn’t really being run by the Russians. A spokesperson for Google told eWEEK that the company has built in numerous controls, including technical detection systems and a detailed mapping of foreign troll accounts. It claims that successful attacks from foreign trolls have diminished as a result of its efforts. 

“We do have robust technical systems in place to detect this kind of abuse on our platform from recognized troll farms. The indicators were not triggered this time because it was a stunt, not a real threat,” the spokesperson said. 

The spokesperson also referred to a recent blog post by senior vice president Kent Walker, the same executive that Google sent to the Sept. 5 Senate Intelligence Committee hearings that provides an update of state-sponsored activity. This post described a recent surge in attacks from Iran, and also described how some of the detection systems work. The spokesperson was unwilling to provide detailed information on their security operations, which is no surprise. 

However, the spokesperson did say that Google uses known IP addresses, domain ownership information, account metadata and subscriber information to help uncover trolls. The spokesperson said that the CfA group didn’t use the known techniques of Russian trolls. 

The spokesperson also accused Oracle of “Astroturfing” its relationship with CfA.  Astroturfing, despite the name, is not the synthetic green carpeting the athletic fields of indoor sports stadiums. Rather, it’s a practice of large corporations to mask its sponsorship of a political action group to make look like a true grass roots initiative. 

What actually happened is that the GTP did indeed succeed in penetrating Google’s defenses against divisive material and publish a number of ads that were linked to real IRA sites, using real IRA material. It’s also clear that Google didn’t catch it.  

For its part, Google points out that it focuses on who is trying to place ads, thus doing its best to prevent foreign interference in U.S. elections, not so much on what the content actually says. Even though the GTP tried its best to look like Russians, Google was able to tell that they weren’t. 

But the focus on specific attackers, which by all accounts works well enough that Google has been able to catch more than just Russians attempting to influence elections, presents a sort of digital Maginot Line, which will almost always prevent the expected attackers from achieving their goal. 

But like the Maginot Line, which failed to stop Germany’s lightning invasion of France at the start of World War II, it would seem that Google’s approach has a similar weakness. Adversaries can always go around those defenses, perhaps by paying non-Russians in neutral locations to produce and run the divisive ads at the direction of the IRA. 

In one sense, the test of the Google defenses may have exposed a weakness. If so, I suspect Google will fix it before long. But if the CfA is serious about this mission, it needs to expand its efforts beyond Google and make similar attempts against Twitter and Facebook. 

During the 2016 elections, Facebook was by far the most vulnerable service and it’s important to see if those vulnerabilities still exist. Likewise, Twitter, despite its many purges, may also be as vulnerable as ever. The CfA could do a real public service if it moves beyond its efforts against Google and starts testing the social networks of companies that Oracle doesn’t directly compete with. 

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...