- A Mexican presidential candidate’s website was overwhelmed by traffic moments after he announced it at a debate earlier this month.
- The candidate and his party attributed the shutdown to a cyberattack, but specialists doubt that.
- The incident has brought renewed attention to online efforts to influence Mexico’s election.
Shortly after Mexican presidential candidate Ricardo Anaya held up a placard announcing his campaign’s newest website, Debate2018.mx, during a debate on June 12, the site was overwhelmed by an influx of traffic.
Anaya’s campaign said the site — which was to offer evidence of wrongdoing by campaign frontrunner Andres Manuel Lopez Obrador — likely experienced a distributed denial of service attack and that most of the traffic had come from Russia and China.
But experts have cast doubt on that version of events and said homegrown cyber activity will likely play a bigger role in Mexico’s election.
Last year, then national security adviser Gen. H.R. McMaster said there were “initial signs” of Russian effort at “subversion and disinformation and propaganda” targeting Mexico’s election using cyber tools.
There have been no clear signs of foreign meddling in Mexico ahead of the July 1 election that will pick some 3,400 office holders at all levels of government. Mexico has said it has not received evidence from the US of such interference, and Russian authorities denied engaging in it. But accusations have continued.
The coalition backing Anaya’s candidacy said after the debate that the traffic responsible for bringing the site down came from Russia and China. But digital-security specialists told Verficado 2018, a site set up to check claims made during the campaign, that the evidence presented did not prove there had been “a Russian attack,” saying that the traffic that did originate in Russia would not have had more of an impact than traffic that came from Mexico.
The specialists said the main reason for the crash was the site’s administrators failing to prepare for a sudden influx of traffic.
“If this was a DDOS attack, the most likely explanation is that hackers inside of Mexico purchased the capabilities to conduct that attack from a group that hosts its bots in Russia,” said James Bosworth, a Latin America expert and founder of the risk-analysis firm Hxagon. “It’s also likely true that the Anaya campaign’s tech team was unprepared for the surge in legitimate traffic, much less a DDOS attack.”
‘Locations are easy to fake’
Accusations of social-media manipulation targeting Mexico’s elections are not new.
The Institutional Revolutionary Party has been accused of using networks of bots to influence trending topics during the 2012 presidential campaign, in which the party’s candidate, Enrique Peña Nieto, defeated Lopez Obrador. (The PRI ran Mexico as a de facto one-party state for much of the 20th century, retaining power in part through electoral manipulation.)
In 2016, a hacker named Andres Sepulveda told Bloomberg he was given a $600,000 budget to back Peña Nieto’s 2012 campaign by hacking the opposition and through a network of 30,000 Twitter bots used to create false waves of enthusiasm and criticism.
Activists, journalists, and other public figures in Mexico have also faced online attacks, often from networks of trolls and accounts run anonymously.
Such social-media activity has come to the fore again during this campaign, though many have pointed to foreign interferance — particularly from Russia — on behalf of Lopez Obrador, a popular leftist politician who has inveighed against corruption, inequality, and entrenched power in Mexico.
Analysis by the Atlantic Council’s Digital Forensics Research Lab found that the source of that traffic is not so clear.
“We were unable to verify claims that Russian bots were targetting the Mexican elections,” said Donara Barojan, a research associate at the DFRL.
“We did, however, find one ‘Russian-speaking’ botnet, which was actively promoting the Green Party of Mexico” but classified it as a commercial, rather than political, botnet, as it was boosting posts on a variety of topics from all over the world, Barojan added.
The bots found by the lab appeared to be run by people supporting Mexican political parties or by commercial users who rented them out, said Ben Nimmo, a nonresident senior fellow at the DFRL who, with Barojan, analyzed reports of Russian bots targeting Mexico’s election.
“Some of the paid bots we identified appeared to originate from Russia, but they amplified content from users all over the world, without a particular political slant, so they don’t look like an influence operation,” Nimmo said.
“There’s no evidence to suggest that the political bots we found were based outside of Mexico,” he added. “Absence of proof does not equal proof of absence, but so far, there’s no reason to suggest state-run efforts.”
Nimmo stressed that the origin point of certain online activity could easily be faked but said between 75% and 90% of the activity the lab had analyzed appeared to come from Mexico, while a smaller portion, between 5% and 15%, appeared to come from Venezuela or the US.
“But locations are easy to fake,” he noted, “so this is suggestive, rather than conclusive.”
‘Bot activity is everywhere’
Use of bots, or automated accounts, and trolls, which are people using fake accounts, cuts across political parties in Mexico, where social media is especially popular and where 14 million new voters are set to cast ballots this year.
Consulting firm Metrics México said in March that more than 18% of Twitter content in the country over the previous weeks was created by bots and paid influencers. “The influencers put out the topic, the bots fatten it up, and public opinion buys it,” the firm’s CEO told El Pais.
Two people previously employed as trolls told El Pais that they were paid about $580 a month to operate dozens of fake Twitter or Facebook accounts using either fabricated or stolen identities. “They think you’re a real human being,” one of them said.
A woman known as Sophie said on a December episode of the Reply All podcast that she answered a help-wanted ad during the 2012 campaign and found herself using Twitter to promote Peña Nieto.
“They gave us a lot of accounts. In my case I had three or four,” she said. “There were people that had more, like five or six, there were people that only had one, but they were fake accounts. You could not use your Twitter account for anything, anything, anything, because it was like secret.”
“Bot activity is everywhere,” said Nimmo, adding that despite more awareness, human users often struggle to tell bots from other human users.
But in Mexico, where this year’s election is characterized by a strong rejection of Peña Nieto and the governing PRI, it’s not clear that online campaigns will successfully shape public sentiment.
“An algorithm-run account is highly unlikely to change anyone’s perception towards a particular issue or an individual,” said Barojan, “but they can make that issue or individual seem more important or popular than they really are.”
The PRI and Lopez Obrador’s party, the National Regeneration Movement, or Morena, were both likely to wield vast networks of social-media bots during the campaign, Bosworth said in an interview earlier this year.
Other analysis by Barojan found that PRI senate candidates were using automated social-media accounts to promote their own campaigns.
“The PRI have certainly been using their bots to promote their candidates and smear their opponents both at the national level and local level,” Bosworth said in an email on Monday. “While they have been able to manipulate trending topics on Twitter, it doesn’t appear to be impacting public opinion much. Mexican voters are definitely anti-PRI this election.”
But bots promoting Lopez Obrador and his party have not been used “to their full potential,” Bosworth said. His “lead is so comfortable that he has little need to engage in a controversial bot campaign that could lead to negative coverage.”