Comments removed — likely through spam detection — on Facebook before they gained traction
Approximately one hundred automated comments featuring the exact same content, originating from different Facebook profiles, appeared on an official communications post of the Macedonian Government’s Facebook page. The comments were quickly removed, presumably by Facebook’s automated or content review systems.
The Facebook post subjected to the attack was written in celebration of International Solidarity Day. It described solidarity a strong tool to celebrate unity in diversity. Meanwhile, the coordinated posted demanded equal rights for Albanians in Macedonia. The spam comments, as translated, read:
@DFRLab analyzed the post but found that the profiles seem to be authentic and of Albanian origin. In one of the profiles, there were no apps associated, which could be a likelihood of determining whether any automation helped in gamifying the comments.
The first hashtag (#WeAreMoreThan20%) refers to a law that earlier stated that Albanian will be considered as an official language in Macedonian regions where ethnic Albanians make up at least 20 percent of the population, but recent amendments in the Parliament allowed adoption of Albanian as an official language for the entire country. The middle two hashtags (#EqualRights and #StopDiscriminationTowardAlbaniansInMacedonia) are relatively straightforward in their translation, though it remains unclear as to what rights and discrimination the message refers.
The last hashtag (#FreedomForThePrisonersOfTheKumanovoIncident) refers to the Kumanovo shooting in 2015, in which 18 people were killed and more than 50 were injured. The attacks resulted in arrests of 33 ethnic Albanians who were involved. The hashtag demand was for releasing the Albanians arrested in the incident.
Similar Inauthentic Coordinated Activity
In September, @DFRLab reported similar “inauthentic coordinated activity” that comprised angry reaction emojis on Macedonian Prime Minister’s speech in a post by Exposure for European Macedonia (the Yes! Campaign official Facebook page). The Yes! Campaign was an interim initiative by the government to motivate people of Macedonia to vote “Yes” in the name-changing referendum, in which the Macedonian public voted to ratify a name change agreement between the country and Greece, thereby allowing Macedonia to accede to the European Union and NATO, and which was held on September 30, 2018.
The incident appeared to create a false impression about how the public perceives and feels about the “Yes!” Campaign, in an attempt to sway the supporters and opponents.
The spam attack was likely done to reinforce a political sentiment, with an attempt to hijack the solidarity message by putting forward a demand to release arrested Albanians in the Kumanovo shooting incident.
Even though the attack could not amplify the message as intended, given the takedown of the comments, it still garnered wide attention from the Albanian media, which highlighted how attacks like these can disrupt and hijack official communications messages.
As of now, there is still no clarity as to who was behind the activity.
@DFRLab will continue to monitor Macedonian social media platforms for disinformation and inauthentic amplification.
Kanishk Karan is a Digital Forensic Research Assistant at the @DFRLab.
Vladimir Petreski is Digital Forensic Research Assistant at the Atlantic Council’s Digital Forensic Research Lab.
Follow along for more in-depth analysis from our #DigitalSherlocks.