Iran General NewsIran's Global Social Media Propaganda Campaign

Iran’s Global Social Media Propaganda Campaign


Fire Eye

Iran Focus

London, 28 August – After being alerted by the vigilant researchers at the cybersecurity firm FireEye, Facebook, Google, and Twitter have deleted hundreds of accounts.

The FireEye team followed what looked to the untrained eye like unrelated threads for the last few month. They examined the phone numbers used by these accounts to sign up for Twitter, the emails they used to register domains, and the changes to their account names over time. The Iranian operation began to unravel.

FireEye published a report on Thursday, explaining exactly how their investigation played out, saying that the campaign followed a playbook similar to the one used by Russian propagandists at the Internet Research Agency during the 2016 election. However, the big difference was that the Russians staked out both sides of almost any issue — pitting Americans against each other in an aim to divide the country. The Iranian accounts, instead, supported their own domestic interests.

Lee Foster, manager of information operations analysis at FireEye explained,” The Russian accounts seemed to be designed to sow divisions between groups for the purpose of undermining trust in the democratic process, and creating a distraction within US politics.” Foster continued, “On the Iranian side, I get the sense that it was one-sided. We didn’t see pro- and anti-Palestinian content. We saw anti-Israeli commentary and pro-Palestinian commentary.”

The Russians posed as both Trump and Bernie Sanders supporters, but the Iran-linked websites and pages pushed anti-Trump content. Much of the network FireEye discovered seems to have been created in early 2017, after Trump assumed office.

Trump campaigned on overturning the Iran Nuclear Deal, which lifted economic sanctions on the country in exchange for tightened restrictions on Iran’s nuclear program. Trump exited the Deal in May of this year, heightening the danger of escalating cyberattacks from an already active Iran. In fact, last March, the US indicted nine Iranians for cyberattacks on 144 US universities. This week, the cybersecurity firm Secure works published a new report indicating that those attacks continue.

The main node promoting these messages in the United States was called Liberty Front Press, and the email address used to register the site appears to be associated with a web designer in Iran. It was also used to register a separate website in the network called Instituto Manquehue, which targeted Latin Americans with positive messages about the Venezuelan and Bolivian president, who have friendly relationships with Iran.

FireEye’s investigation began with Liberty Front Press and spread from there. “We looked at who else is pushing content from this site online, and we were able to identify additional clusters of accounts and look at what they are pushing,” Foster says. “Repeating the cycle, we end up with this network of these different inauthentic news sites and social media accounts.”

In addition to Instituto Manquehue, FireEye’s analysts found two additional networks masquerading as US news groups — US Journal and Real Progressive Front, and two sites purporting to be based in the United Kingdom — The British Left and Critics Chronicle.

These sites repeatedly focused on news regarding the Middle East, covering topics like the Syrian civil war and Palestinian rights. Much of the content was stolen from sites like RawStory, CNN, and Politico. Using open source tools, the researchers found that the Twitter accounts affiliated with these sites also stole pictures from stock photos and news stories to populate fake personas who were registered with phone numbers using Iran’s +98 country code. They also appeared to be most active at times that corresponded with the Iranian work week.

According to Foster, there is still more work to do analyzing the content of these accounts and pages. Much of it must come from the tech companies themselves. FireEye has no access to information about the audiences these pages and accounts amassed, or whether they were made up of authentic or inauthentic users. The team at FireEye will also continue to keep watch across all of these platforms for signs of what the big tech companies may have missed. “We’ll be continuing as if it was any other day,” Foster says, “looking for new activity, not just from Iran, but from wherever it may emanate.”

Representatives from the tech industry are reportedly gathering in San Francisco this week to share information about what types of information operations they’ve uncovered, and how they plan to tackle the problem going forward.

Latest news

The Untold Story of Iran Regime’s Assassinated Qods Force Commander

On the evening of May 22, IRGC Colonel Hassan Sayad Khodai, one of the senior commanders of the Iranian...

Not Even India Invests in Iran’s Ports

Over the past few years, India has been expanding Iran’s port of Chabahar, seeking to send goods through this...

Khamenei’s Wrong Decisions and Its Poisoning Result

In recent days, many demonstrations have taken place across Iran, protesting the Iranian regime’s decisions to increase the price...

Iran: Officials Promote Starving Citizens Under a ‘Great Economic Plan’

Over the past four decades, the Iranian regime has been infamous for making false statements. As a result, citizens...

After Coronavirus, Iran’s Regime Kills People Through Starvation

Multiple protests have recently erupted in various cities across Iran, following the 100 to 400 percent increase in the...

Requirements for a Simple Life in Iran; the Unattainable Dream

It is no exaggeration to say that Iran's economy is in a major freefall. All economic indicators are suggesting...

Must read

EU Puts New Sanctions on Iran for Terror Plots

By Jubin Katiraie The EU has imposed new sanctions...

Six hanged in central Iran

Iran Focus: Tehran, Iran, Jul. 03 - Iranian authorities...

You might also likeRELATED
Recommended to you