Cambridge Analytica illegally kept a massive trove user data from Facebook, worked with Russians

By: ( +David Herron; Date: March 18, 2018

Tags: Facebook » Social Media Warfare

Cambridge Analytica, funded by the Mercer Family for manipulating the public to a hard-line-right-wing political, illegally collected a massive trove of Facebook user data, then used Big Data techniques to develop highly targeted advertising meant to influence public opinion. The company was founded when a young computer science researcher focusing on big data machine learning techniques met the Mercers, who promised to give him a free hand and fund his research. What resulted was a massive information warfare weapon used by the Mercer's, and their puppet at Breitbart News Steve Bannon, to manipulate public opinion.

Oh ... and ... there are Kremlin/Putin-connected Russians mixed all through the story.

The issue here for Techsparx readers is a big warning -- when we play those silly games on social media networks, pay close attention to the access being requested. What Cambridge Analytica did is create viral games that then collected data from not only the Facebook profile of the person who played the game, but all their friends, and all their likes, and postings, and everything else.

The information here comes from reporting by the NY Times and the Guardian (a well-respected newspaper based in London England). They rely heavily on information provided by Christopher Wylie, a Canadian-born genius who was in England studying big data technologies with the purpose of determining social and political influences.

To Wylie it was all an intellectual exercise. He had gained some practical knowledge of using data science technologies while working for the Lib Dems party in Great Britain. While working for that party he told the Lib Dems the data showed they'd lose a bunch of seats, and they scoffed the idea, but the party ended up losing many more seats than Wylie predicted. But a contact in the party led him to working for the SCL Group, and further contacts led to an investment by the Mercer family that launched Cambridge Analytica.

Cambridge Analytica is a "data analytics" firm that played a role in electing Donald Trump as President of the USA, and in getting Great Britain to vote BREXIT.

Wylie was a high school dropout who, by 24 years old, was getting a PhD at Cambridge Univ (England) in "fashion trend forecasting". He's a genius who didn't fit very well with high school, but was able to shine at a good University. He then developed an idea of using Facebook to gather the Facebook profiles of millions of US citizens, with an eye to developing highly targeted Facebook ads.

The key was to develop an app for Facebook - like a personality quiz. But in the process of running the app, the user gives the app owner permission to access their data, and in the case of Cambridge Analytica they misused access to that data in several ways. In order to run the app the Facebook user must agree to give access to certain account information.

This is fairly normal - anytime we use Facebook or Twitter et al credentials to log-in to a website, we are asked whether to grant authorization to access that account. There are different levels of access, and the sort of access gets described during the process of granting authorization. The process is governed by one of the standard Internet Protocols - OAuth - and is extremely widely used for authentication and authorization.

Typical OAuth authorization request flow -- From: ``
Typical OAuth authorization request notification -- From: ``

These two images show how the OAuth protocol works. A user clicks on a "Sign in with Facebook/Twitter/etc" button, and that starts a dance described in the OAuth protocol. Part of that dance is a notification of the level of access being requested.

What these researchers did was request extremely broad access to not only the Facebook profile of the person, but the profile of all their friends. As we'll see shortly, that greatly amplified the amount of data they could collect.

They also violated Facebook's rules - by retaining the data longer than allowed, and more importantly sharing the data with other companies. Yesterday Facebook proclaimed they'd blocked Cambridge Analytica and the SCL group from Facebook. But that's like bolting the barn doors after the horses have fled. Especially as Cambridge Analytica has demonstrated an ability to work through 3rd party companies.

It was someone in the Lib Dems party who introduced Christopher Wylie to SCL Elections, a subsidiary of the SCL Group. According to The Guardian, Alexander Nix, then CEO of SCL Elections, made Wylie an offer he couldn’t resist. “He said: ‘We’ll give you total freedom. Experiment. Come and test out all your crazy ideas.’” Wylie didn't think it through, and leapt at the opportunity.

SCL was described by The Guardian as "a nexus of defence and intelligence projects, private contractors and cutting-edge cyberweaponry". The company worked in "information operations" and had contracts with both the British and USA governments to work on a wide range of secretive operations.

Within a few months, Wylie met Steve Bannon. Bannon at the time was head of Breitbart News, and was being funded by the Mercers. The elder Mercer made zillions of dollars as a hedge fund manager using data science to drive investment decisions, and the clan was deeply involved with funding the Alt-Right movement and seeking to subvert Democracy to establish a right-wing nirvana.

The Mercers ended up funding the development of Cambridge Analytica.

Wylie / Cambridge Analytica also partnered with another researcher, Dr. Aleksandr Kogan, a Moldovan who's spent a lot of time in Russia. Kogan developed a game that became viral and also collected lots of Facebook user data. The game was played by about 320,000 people, but because it asked for access to their friends Facebook user data, they were able to collect data on about 50 million people.

According to Facebook's rules - a company is not allowed to transfer collected user data to another organization. The data is for their own use, and there is a strict time period the data is allowed to be retained. However, Kogan's company, Global Science Research (GSR), did both those things.

Facebook could see that a massive amount of data was being collected. Facebook contacted GSR, and when Kogan said it was for research purposes Facebook apparently said 'Fine'.

Kogan is not only a Researcher at Cambridge University, but holds an associate Professorship at St. Petersburg University (Russia).

Another Russia connection came when Cambridge Analytica had to write up a memo describing their methodologies to Lukoil, a giant Russian oil company whose CEO, Vagit Alekperov, is closely linked to Vladimir Putin.

Cambridge Analytica did not rely solely on data gathered via Facebook. The company also bought consumer marketing datasets, matching it up with the Facebook profile data. The goal was to collect as much data as possible about everyone, and use that data to craft personalized messaging.

The key was to find “persuadable” voters who could be triggered, for example, with images of immigrants “swamping” the country. The key is finding emotional triggers for each individual voter.

The articles describe Cambridge Analytica as being different from a normal company. Instead of being driven to be profitable, the Mercers simply funded the company to further their political aims.

From one of the Guardian's articles:

Tamsin Shaw, an associate professor of philosophy at New York University, helps me understand the context. She has researched the US military’s funding and use of psychological research for use in torture. “The capacity for this science to be used to manipulate emotions is very well established. This is military-funded technology that has been harnessed by a global plutocracy and is being used to sway elections in ways that people can’t even see, don’t even realise is happening to them,” she says. “It’s about exploiting existing phenomenon like nationalism and then using it to manipulate people at the margins. To have so much data in the hands of a bunch of international plutocrats to do with it what they will is absolutely chilling.

“We are in an information war and billionaires are buying up these companies, which are then employed to go to work in the heart of government. That’s a very worrying situation.”


The Guardian - ‘I made Steve Bannon’s psychological warfare tool’: meet the data war whistleblower ( Is an interview with Christopher Wylie, founder of Cambridge Analytica, and how he unwittingly (so he claims) caused this weapon of information warfare.

The Guardian - The Cambridge Analytica Files - ( - A trove of other reporting on Cambridge Analytica

NY Times - How Trump Consultants Exploited the Facebook Data of Millions - ( -- Another interview with Christopher Wylie

The Guardian - Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach - (

The Guardian - Cambridge Analytica: links to Moscow oil firm and St Petersburg university - (

The Guardian - The great British Brexit robbery: how our democracy was hijacked - (

The Guardian - Robert Mercer: the big data billionaire waging war on mainstream media - (

The Guardian - ‘Dark money’ is threat to integrity of UK elections, say leading academics - (

Facebook announces suspension of Cambridge Analytica and parent company Strategic Communication Laboratories (SCL) - ( Among other things in the statement, Facebook said this:

We Maintain Strict Standards and Policies

Protecting people’s information is at the heart of everything we do, and we require the same from people who operate apps on Facebook. In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc.

Like all app developers, Kogan requested and gained access to information from people after they chose to download his app. His app, “thisisyourdigitallife,” offered a personality prediction, and billed itself on Facebook as “a research app used by psychologists.” Approximately 270,000 people downloaded the app. In so doing, they gave their consent for Kogan to access information such as the city they set on their profile, or content they had liked, as well as more limited information about friends who had their privacy settings set to allow it.

Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time, he did not subsequently abide by our rules. By passing information on to a third party, including SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies, he violated our platform policies. When we learned of this violation in 2015, we removed his app from Facebook and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed. Cambridge Analytica, Kogan and Wylie all certified to us that they destroyed the data.

« Facebook, OAuth authorization protocol, user responsibility, Facebook responsibility Is purchasing a domain required for building a website »
2016 Election 2018 Elections Acer C720 Ad block Affiliate marketing Air Filters Air Quality Air Quality Monitoring AkashaCMS Amazon Amazon Kindle Amazon Web Services America Amiga and Jon Pertwee Android Anti-Fascism AntiVirus Software Apple Apple Flexgate Apple Hardware History Apple Hardware Mistakes Apple iPhone Apple iPhone Hardware April 1st Arduino ARM Compilation Artificial Intelligence Astronomy Astrophotography Asynchronous Programming Authoritarianism Automated Social Posting AWS DynamoDB AWS Lambda Ayo.JS Bells Law Big Brother Big Data Big Finish Big Science Bitcoin Mining Black Holes Blade Runner Blockchain Blogger Blogging Books Botnets Cassette Tapes Cellphones China China Manufacturing Christopher Eccleston Chrome Chrome Apps Chromebook Chromebox ChromeOS CIA CitiCards Citizen Journalism Civil Liberties Climate Change Clinton Cluster Computing Command Line Tools Comment Systems Computer Accessories Computer Hardware Computer Repair Computers Conservatives Cross Compilation Crouton Cryptocurrency Curiosity Rover Currencies Cyber Security Cybermen Cybersecurity Daleks Darth Vader Data backup Data Formats Data Storage Database Database Backup Databases David Tenant DDoS Botnet Department of Defense Department of Justice Detect Adblocker Developers Editors Digital audio Digital Nomad Digital Photography Diskless Booting Disqus DIY DIY Repair DNP3 Do it yourself Docker Docker MAMP Docker Swarm Doctor Who Doctor Who Paradox Doctor Who Review Drobo Drupal Drupal Themes DVD E-Books E-Readers Early Computers eGPU Election Hacks Electric Bicycles Electric Vehicles Electron Eliminating Jobs for Human Emdebian Encabulators Energy Efficiency Enterprise Node EPUB ESP8266 Ethical Curation Eurovision Event Driven Asynchronous Express Face Recognition Facebook Fake Advertising Fake News Fedora VirtualBox Fifth Doctor File transfer without iTunes FireFly Flash Flickr Fraud Freedom of Speech Front-end Development G Suite Gallifrey Gig Economy git Github GitKraken Gitlab GMAIL Google Google Chrome Google Gnome Google+ Government Spying Great Britain Green Transportation Hate Speech Heat Loss Hibernate High Technology Hoax Science Home Automation HTTP Security HTTPS Human ID I2C Protocol Image Analysis Image Conversion Image Processing ImageMagick In-memory Computing InfluxDB Infrared Thermometers Insulation Internet Internet Advertising Internet Law Internet of Things Internet Policy Internet Privacy iOS iOS Devices iPad iPhone iPhone hacking Iron Man iShowU Audio Capture iTunes Janet Fielding Java JavaFX JavaScript JavaScript Injection JDBC John Simms Journalism Joyent Kaspersky Labs Kext Kindle Kindle Marketplace Large Hadron Collider Lets Encrypt LibreOffice Linux Linux Hints Linux Single Board Computers Logging Mac Mini Mac OS Mac OS X MacBook Pro Machine Learning Machine Readable ID Macintosh macOS macOS High Sierra macOS Kext MacOS X setup Make Money Online Make Money with Gigs March For Our Lives MariaDB Mars Mass Violence Matt Lucas MEADS Anti-Missile Mercurial MERN Stack Michele Gomez Micro Apartments Microsoft Military AI Military Hardware Minification Minimized CSS Minimized HTML Minimized JavaScript Missy Mobile Applications Mobile Computers MODBUS Mondas Monetary System MongoDB Mongoose Monty Python MQTT Music Player Music Streaming MySQL NanoPi Nardole NASA Net Neutrality Network Attached Storage Node Web Development Node.js Node.js Database Node.js Performance Node.js Testing Node.JS Web Development Node.x North Korea npm NVIDIA NY Times Online advertising Online Community Online Fraud Online Journalism Online News Online Photography Online Video Open Media Vault Open Source Open Source and Patents Open Source Governance Open Source Licenses Open Source Software OpenAPI OpenJDK OpenVPN Palmtop PDA Patrick Troughton PayPal Paywalls Personal Flight Peter Capaldi Peter Davison Phishing Photography PHP Plex Plex Media Server Political Protest Politics Postal Service Power Control President Trump Privacy Private E-mail server Production use Public Violence Raspberry Pi Raspberry Pi 3 Raspberry Pi Zero ReactJS Recaptcha Recycling Refurbished Computers Remote Desktop Removable Storage Renewable Energy Republicans Retro Computing Retro-Technology Reviews RFID Rich Internet Applications Right to Repair River Song Robotics Robots Rocket Ships RSS News Readers rsync Russia Russia Troll Factory Russian Hacking Rust SCADA Scheme Science Fiction SD Cards Search Engine Ranking Season 1 Season 10 Season 11 Security Security Cameras Server-side JavaScript Serverless Framework Servers Shell Scripts Silence Simsimi Skype SmugMug Social Media Social Media Networks Social Media Warfare Social Network Management Social Networks Software Development Software Patents Space Flight Space Ship Reuse Space Ships SpaceX Spear Phishing Spring Spring Boot Spy Satellites SQLite3 SSD Drives SSD upgrade SSH SSH Key SSL Stand For Truth Strange Parts Swagger Synchronizing Files Tegan Jovanka Telescopes Terrorism The Cybermen The Daleks The Master Time-Series Database Tom Baker Torchwood Total Information Awareness Trump Trump Administration Trump Campaign Twitter Ubuntu Udemy UDOO US Department of Defense Video editing Virtual Private Networks VirtualBox VLC VNC VOIP Vue.js Walmart Weapons Systems Web Applications Web Developer Resources Web Development Web Development Tools Web Marketing Webpack Website Advertising Website Business Models Weeping Angels WhatsApp William Hartnell Window Insulation Windows Windows Alternatives Wordpress World Wide Web Yahoo YouTube YouTube Monetization