SBU busts two Lviv-based bot farms reportedly involved in fake bomb threats

On 8 February, the Security Service of Ukraine (SBU) reported that its cyber experts "revealed and liquidated" two bot farms in the west-Ukrainian city of Lviv. The total capacity of the two was 18,000 fake mobile accounts. Such accounts can be used to register social media accounts, access the Internet using local mobile networks, or make mobile phone calls. According to preliminary information, the administrators of the bot farms were supervised by commissioners from the Russian Federation, the security agency says.

• Read also: Epidemic of hoax bomb threats in Ukraine part of Russia’s hybrid war, emergency service says

Bot farms in Lviv

The investigators found that three residents of Lviv Oblast were allegedly involved in illegal activities. Two suspects reportedly provided their apartments for hosting the equipment used to run the bot farms, while the third used to maintain the farms. SBU says that the bot farms worked predominantly on social media. In particular, they disseminated fake stories to instill panic. The investigators also revealed that the fake accounts maintained by the farms were used to publish false information about mines laid in various facilities, including social and critical infrastructure.

• Read also: Internet bots are key players in propelling disinformation

According to the Agency, during the searches, law enforcement officers found and seized:

• two sets of GSM gateways with 92 and 375 online channels respectively;
• 3,000 SIM cards of mobile operators;
• laptops with "evidence of illegal activity";
• draft accounting notes.

SBU has initiated criminal proceedings under Article 259 of the Criminal code of Ukraine, "deliberately false information about the threat to public safety, destruction or damage to property." The article envisages a penalty of two to eight years' imprisonment depending on the circumstances and ramifications of the offense.

Another bot farm in Zhytomyr

According to the agency, two residents of Zhytomyr used special Russian-developed software to mass-register fake social media accounts. The software reportedly enabled them to create accounts without using mobile communication services. 

• Read also: Ukraine’s security service busts Russian bot farm that undermined COVID-19 vaccination program

The suspects used to sell the mass-produced fake accounts to Russian customers, who paid using "non-banking payment systems banned in Ukraine" - allegedly WebMoney, Yandex.Money or some other Russia-based online payment system.

"Through these accounts, the aggressor state (Russia, - Ed.) disseminated destructive anti-Ukrainian content, including manipulative narratives, and carried out malign influence operations against our country," SBU reported, adding that these accounts were used to "spin disinformation and spread provocative material with the aim to destabilize domestic political situation across Ukraine."

Read more:

• Epidemic of hoax bomb threats in Ukraine part of Russia’s hybrid war, emergency service says
• Ukraine’s security service busts Russian bot farm that undermined COVID-19 vaccination program
• Amid Russian war scare, a “panic infrastructure” targeting Ukrainians unfolds in Facebook
• Ukraine’s Security Service says it neutralized over 2,000 cyberattacks in 2021
• SBU busts “anti-Ukrainian” anti-vaxx network with presumable Russian handlers, arrests leader
• Facebook takes down Ukrainian troll farm pages. Here is how they worked (2019)
• Zelenskyy prolongs ban on Russian social networks
• Russian troll farms behind campaign to topple Ukraine’s government (2016)
• Internet troll confession: “We provoke a new level of aggression in our victims"
• Internet bots are key players in propelling disinformation
• Bot accounts published 55% of Russian-language tweets about NATO in May-July