by Eve Bolton, George Slade, and Tom Stewart-Smith
by Eve Bolton, George Slade, and Tom Stewart-Smith
After news broke of gas leaks in the Nord Stream pipeline in September 2022, the US and Russia blamed each other, with accusations of sabotage being cast in both directions. With Twitter at the centre of the discussion, pro-Russian tweets implicated the US, and later the UK, with unsubstantiated claims and disinformation. Using our technology to understand and analyse the disinformation at play, we detail our findings in this fascinating real-life case study.
Weeks before Elon Musk became owner of Twitter and Liz Truss resigned as Prime Minister, news headlines reported on several gas leaks in the Nord Stream pipeline, an event that had huge implications politically. Many countries, including the US, blamed Russia for damaging the pipeline, with President Biden stating that Russia performed a “deliberate act of sabotage”. A day later, President Putin cast blame back on to the US and allies, stating “the sanctions were not enough for the Anglo-Saxons: they moved on to sabotage”.
Twitter was at the centre of the discussion, with disinformation that backed up Russian allegations appearing and spreading on the social platform. We’ve used our technology to understand and analyse the disinformation at play on Twitter on two specific dates, 29 and 30 September 2022, when news of the Nord Stream gas leaks had broken and the debate was at its peak.
English language tweets: negating disinformation on Nord Stream
We looked at different buzzword combinations in use on Twitter to understand what was being said and who was saying it, and analysed our findings. Looking at combinations of the terms “Nordstream”, “US”, and “Biden”, we found that the majority of tweets in the English language aimed to negate anti-US disinformation about the pipeline leaks. The most-liked tweet containing the terms “Nordstream” and “US” was from @BLSchmitt, who has a significant number of followers. He shares a video of President Biden that other accounts had edited to make it seem like he is saying “shut down Nordstream”. @BLSchmitt exposes the disinformation by showing the video in its original context, in which it is clear that is not what the President is saying.
Francophone tweets and their role in spreading disinformation
For combinations of the terms “Nordstream”, “Biden”, and “Sabotage”, most of the posts were in French, with several of the highest-profile tweets coming from French-speaking anti-American politicians. Francois Asselineau of the (anti-American) Popular Republican Union posted a poll creating an illusion of popular belief in US responsibility for the pipeline damage, and French politician Nicolas Dupont-Aignan, the Eurosceptic and nationalist leader of the minor right-wing party Debout la France, also posted a tweet hinting at Biden involvement.
Dupont-Aignan’s tweet, posted on 29 September to his 350,000 followers, was retweeted numerous times. There are signs that much of the retweeting activity was from tactical or bot accounts: most of the retweets were in the hours immediately following the tweet’s initial publication, and of the 12 accounts with over 10,000 followers that retweeted it, not one was a verified account. They include a French politician who visited Crimea after the annexation, a Haitian meme account, and a Quebecois actress turned Covid conspiracy theorist.
Further analysis reveals that most of the accounts that tweeted in French during this time period using the buzzwords we tracked were newly-created, many of them in April 2022, correlating with the first round of the French presidential election when the majority of votes went to NATO-sceptic candidates. This suggests the accounts may have been created with the intention of influencing French voters’ views and spreading disinformation, retweeting right-wing, Eurosceptic or conspiratorial views. A further 15 accounts were created on 27 February 2022, immediately after Russia’s invasion of Ukraine: possibly a pre-emptive move by pro-Russian propagandists to create a network of active twitter bots to boost the engagement of Russian sympathisers.
Identifying bots in the conversation
Bots are automated Twitter accounts programmed to perform tasks that resemble those of everyday users such as liking tweets, but their purpose is to tweet and retweet content with specific aims on a large scale. They have become central to the proliferation of disinformation on Twitter, with some countries being accused of using bots for political gain. We carried out further analysis to identify whether bots could have been at play in the Twitter coverage of Nord Stream.
Building on our analysis of Francophone disinformation, a closer look at the most active accounts posting tweets containing “Nordstream” and “Sabotage” reveals red flags suggesting bot activity. All the accounts with more than six tweets on the topic appear to be either spam accounts or real people boosting journalists. However, a group of 12 accounts with six or fewer tweets on the topic exhibited bot-like behaviour: they all retweeted from the same pool of posts within a similar timeframe. This pool of posts includes the tweets we’ve already mentioned, other tweets from prominent French far-right figures suggesting US involvement in the Nord Stream attack, and retweets of a post from an unverified account linking to a dubious source alleging that US ships were present.
The role of bots in shifting the narrative
On 29 October 2022, the Russian Defence Ministry alleged for the first time that the UK’s Royal Navy had been behind the sabotage of the Nord Stream gas pipeline, shifting the blame from the US to the UK. Analysis suggests that many of the same social media tactics were redeployed to help propagate this new Russian narrative.
Again, verified accounts of nominally non-Russian-affiliated figures supported the Kremlin line, and their tweets were subsequently amplified by suspected bot accounts. The social media campaign also retained the Francophone focus of the previous one, with figures such as François Asselineau shifting the blame from the US to the UK in line with Russian allegations. The accounts retweeting this post also had suspicious qualities, with some of those who had previously retweeted posts alleging US involvement now retweeting this one pointing the finger at the UK.
Closer inspection of accounts that mentioned “Biden” and “Nordstream”, and those that mentioned “Truss” and “Nordstream”, showed an incredible degree of consistency, suggesting a coordinated promotion of specific posts. Of 40 accounts that mentioned these keyword pairs, 33 of them resembled the bots from earlier in the month, promoting conspiracy accounts from the same pool of tweets. And for the accounts most active on the topic of “Truss” and Nordstream” there was a cut-off point of four tweets for accounts with conventional bot behaviour, resembling earlier activity in which suspected bot accounts would limit the number of posts on the topic within the timeframe.
How unsubstantiated claims of UK involvement spread
A further unsubstantiated claim emerged, claiming that the evidence for the Russian accusation of UK involvement in Nord Stream was a leaked text from then UK Prime Minister Liz Truss to US Secretary of State Antony Blinken saying “It’s done”, a message supposedly discovered in the wake of the confirmed hacking of the PM’s phone by Kremlin-aligned actors. The claim seems to have originated from KimDotcom, an internet entrepreneur and conspiracy theorist.
Again, this post was promoted by the French-speaking suspected bot accounts who had retweeted the same combination of tweets as each other in September and earlier in October.
However, this allegation spread further than French-speaking Twitter. The highest-engagement tweet between 29 October (when the Truss hacking story broke) and 31 October was an English-language tweet from a pro-Russian verified account, and other unusual forms of engagement included a retweet from an account that otherwise posted exclusively in Russian.
Despite Liz Truss being a British politician, the geolocation of accounts mentioning “Truss” and “Nordstream” closely resembled “Biden” and “Nordstream”, with the largest concentration of users being in France, both suggesting a link and adding weight to the theory that the US- and NATO-sceptic political culture in France makes it a better region for pro-Russian propagandists to target.
Analysis: a case study of the way disinformation spreads on Twitter
Our analysis of Twitter activity in the aftermath of the recent Nord Stream gas leaks points to the coordinated promotion of posts (including the use of bots), largely from within the French-speaking world, to retweet unsubstantiated claims and disinformation implicating the US and the UK. The pattern of behaviour is consistent with bot activity: tweets outlining conspiracies that favour Russia were repeatedly posted by relatively well-known fringe figures, after which suspected bots would retweet these original tweets a specified number of times. These findings are further validated by the emergence of a similar pattern of activity when the narrative of the accusations shifted from the USA to the UK.
This case study provides an example of how Twitter can be used in a coordinated way to spread disinformation, generate exposure for a political cause, and create the illusion of authenticity. As well as giving an insight into the way we at Digitalis use our software and expert analysis to investigate online narratives and identify how they emerge online, it demonstrates some of the methods commonly deployed on Twitter. It shows how there is often more than meets the eye when it comes to the tweets and retweets we engage with every day, and acts as a note of caution for us all when engaging with social media.
Privacy Policy.
Revoke consent.
© Digitalis Media Ltd. Privacy Policy.
Digitalis
We firmly believe that the internet should be available and accessible to anyone, and are committed to providing a website that is accessible to the widest possible audience, regardless of circumstance and ability.
To fulfill this, we aim to adhere as strictly as possible to the World Wide Web Consortium’s (W3C) Web Content Accessibility Guidelines 2.1 (WCAG 2.1) at the AA level. These guidelines explain how to make web content accessible to people with a wide array of disabilities. Complying with those guidelines helps us ensure that the website is accessible to all people: blind people, people with motor impairments, visual impairment, cognitive disabilities, and more.
This website utilizes various technologies that are meant to make it as accessible as possible at all times. We utilize an accessibility interface that allows persons with specific disabilities to adjust the website’s UI (user interface) and design it to their personal needs.
Additionally, the website utilizes an AI-based application that runs in the background and optimizes its accessibility level constantly. This application remediates the website’s HTML, adapts Its functionality and behavior for screen-readers used by the blind users, and for keyboard functions used by individuals with motor impairments.
If you’ve found a malfunction or have ideas for improvement, we’ll be happy to hear from you. You can reach out to the website’s operators by using the following email webrequests@digitalis.com
Our website implements the ARIA attributes (Accessible Rich Internet Applications) technique, alongside various different behavioral changes, to ensure blind users visiting with screen-readers are able to read, comprehend, and enjoy the website’s functions. As soon as a user with a screen-reader enters your site, they immediately receive a prompt to enter the Screen-Reader Profile so they can browse and operate your site effectively. Here’s how our website covers some of the most important screen-reader requirements, alongside console screenshots of code examples:
Screen-reader optimization: we run a background process that learns the website’s components from top to bottom, to ensure ongoing compliance even when updating the website. In this process, we provide screen-readers with meaningful data using the ARIA set of attributes. For example, we provide accurate form labels; descriptions for actionable icons (social media icons, search icons, cart icons, etc.); validation guidance for form inputs; element roles such as buttons, menus, modal dialogues (popups), and others. Additionally, the background process scans all of the website’s images and provides an accurate and meaningful image-object-recognition-based description as an ALT (alternate text) tag for images that are not described. It will also extract texts that are embedded within the image, using an OCR (optical character recognition) technology. To turn on screen-reader adjustments at any time, users need only to press the Alt+1 keyboard combination. Screen-reader users also get automatic announcements to turn the Screen-reader mode on as soon as they enter the website.
These adjustments are compatible with all popular screen readers, including JAWS and NVDA.
Keyboard navigation optimization: The background process also adjusts the website’s HTML, and adds various behaviors using JavaScript code to make the website operable by the keyboard. This includes the ability to navigate the website using the Tab and Shift+Tab keys, operate dropdowns with the arrow keys, close them with Esc, trigger buttons and links using the Enter key, navigate between radio and checkbox elements using the arrow keys, and fill them in with the Spacebar or Enter key.Additionally, keyboard users will find quick-navigation and content-skip menus, available at any time by clicking Alt+1, or as the first elements of the site while navigating with the keyboard. The background process also handles triggered popups by moving the keyboard focus towards them as soon as they appear, and not allow the focus drift outside of it.
Users can also use shortcuts such as “M” (menus), “H” (headings), “F” (forms), “B” (buttons), and “G” (graphics) to jump to specific elements.
We aim to support the widest array of browsers and assistive technologies as possible, so our users can choose the best fitting tools for them, with as few limitations as possible. Therefore, we have worked very hard to be able to support all major systems that comprise over 95% of the user market share including Google Chrome, Mozilla Firefox, Apple Safari, Opera and Microsoft Edge, JAWS and NVDA (screen readers), both for Windows and for MAC users.
Despite our very best efforts to allow anybody to adjust the website to their needs, there may still be pages or sections that are not fully accessible, are in the process of becoming accessible, or are lacking an adequate technological solution to make them accessible. Still, we are continually improving our accessibility, adding, updating and improving its options and features, and developing and adopting new technologies. All this is meant to reach the optimal level of accessibility, following technological advancements. For any assistance, please reach out to webrequests@digitalis.com