Researchers at Dismislab have exposed a significant bot network on Facebook that has been actively promoting political messages in favour of the Bangladesh Awami League, the ruling party during the 12th Parliamentary Election held in January this year. The network, responsible for over 21,000 comments, was discovered after a Dismislab researcher identified suspicious activity on a seemingly unrelated Facebook post by the news outlet bdnews24.com.

The discovery and scope of the bot network

The initial discovery was made on June 21, when a Dismislab researcher noticed a political comment under a bdnews24.com Facebook post about color printers. The comment, which stated, "This election will be transparent. People will be able to vote freely in the upcoming election. The BNP is scared to participate because they can't rig the vote this time," was out of context and triggered further investigation. This led to the uncovering of a bot network that was highly coordinated and extensive in its reach.

Dismislab's research identified 1,369 Facebook accounts that were involved in this network. A significant proportion of these accounts (77%) were registered under female names, with a striking similarity in their naming patterns. For example, 24% of these female profiles had the last name "Akter" (or its variant "Aktar"), with names like Diya Akter, Riya Akter, Liza Akter, and Lima Akter being common. Male profiles frequently used surnames like "Ahmed" and "Islam." In both male and female accounts, 90% had names consisting of two words, sometimes splitting a single name into two, such as "Ri Pa" or "Mi Na."

Profile patterns and characteristics

In line with traits typically associated with fake Facebook profiles, Dismislab reviewed the privacy settings, friend counts, posting patterns, and profile pictures of these accounts. They found that 247 profiles were locked, while of the remaining 1,122 accounts, 70% used profile pictures sourced from elsewhere on the internet. Notably, some pictures were used across multiple profiles. For instance, a single image was found to be used by eight different accounts, including those named Fahad Islam, Rajib Ahmed, and Mamun Ahmed, all of which uploaded the picture on the same day, November 30, 2023.

The network also demonstrated a pattern of using attractive images, particularly of Bangladeshi actresses and models like Ashna Habib Bhabna and Tama Mirza, as profile pictures for female accounts. According to cybersecurity firms like McAfee, this is a common tactic among fake accounts to lure real users.

Among the profiles that were not locked, 85% had no identity information in the "About" section, and 93% had no public posts apart from profile pictures and cover photos. Nearly half of these accounts did not display their friend counts, and 45% had fewer than 200 friends. Only seven accounts posted regularly, often sharing similar types of content, further indicating a coordinated effort.

The bot network's activity and errors

Dismislab's investigation revealed that the network was responsible for 21,221 political comments, yet only 474 were unique. These comments were repeatedly posted across different Facebook pages, primarily targeting political opponents of the Awami League, especially the Bangladesh Nationalist Party (BNP). For example, a profile named Riya Akter made 138 comments on different posts over six months, often echoing pro-government sentiments.

One of the most frequent comments, "Only those who have no faith in the people are afraid. That's why BNP is scared to participate in the election," appeared 244 times, posted by 217 different bot profiles. The network's coordinated nature was further demonstrated by the fact that 88% of these comments were made within a two-hour window, suggesting a highly organized and possibly automated process.

However, the network was not without its flaws. Some bots made errors by posting political comments on irrelevant posts due to misinterpretation of certain keywords. For instance, the term "MIC" (Machine Identification Code) in a post about color printers was mistakenly associated with "EC" (Election Commission) by the bots, leading to a flood of political comments on a non-political topic.

Previous instances

Meta, the parent company of Facebook, has previously taken action against similar activities in Bangladesh, removing multiple pages and profiles linked to coordinated inauthentic behavior (CIB). Earlier in May this year, in its Quarterly Adversarial Threat Report for Q1 2024, Meta announced the removal of 50 Facebook accounts and 98 pages linked to Bangladesh's ruling Awami League, citing violations of its policy against "coordinated inauthentic behavior." These accounts and pages, which collectively had about 3.4 million followers, were found to be targeting domestic audiences using fake identities to post content and manage pages. Some of these pages posed as fictitious news entities, while others used the names of existing news organizations or political opponents like the BNP.

Meta's investigation also revealed that this network had a presence on multiple platforms, including YouTube, X (formerly Twitter), TikTok, Telegram, and their own websites. The content, primarily in Bengali with some in English, included news and current events in Bangladesh, criticism of the BNP, allegations of BNP corruption, and supportive commentary about the Awami League. The accounts spent approximately $60 on ads, mostly in Bangladeshi takas.