Iran implicated in disinformation campaign as Facebook removes hundreds of accounts
Facebook has removed another batch of pages, groups and accounts for "coordinated inauthentic behavior." This time originating in Iran, the pages targeted hundreds of thousands of people across the Middle East, Latin America, UK and US with political content designed to shape their opinions.
Just a few weeks ago, Facebook revealed it had removed multiple pages suspected to have suspicious political motivations from its platform. Now it has revealed a second large-scale removal of 652 pages, groups and accounts, this time allegedly originating from Iran.
The suspicious activity was apparently first revealed to Facebook back in July after a cybersecurity firm called FireEye notified the company of what they deemed to be a "suspected influence campaign." The network of accounts reportedly originated within Iran but was aimed at leveraging a variety of associated accounts disseminating anti-Saudi, anti-Israeli, and pro-Palestinian themes.
"Broadly speaking, the intent behind this activity appears to be to promote Iranian political interests, including anti-Saudi, anti-Israeli, and pro-Palestinian themes, as well as to promote support for specific U.S. policies favorable to Iran, such as the U.S.-Iran nuclear deal (JCPOA)," FireEye explains in a post outlining its initial analysis. "In the context of the U.S.-focused activity, this also includes significant anti-Trump messaging and the alignment of social media personas with an American liberal identity."
Due to the broad reach of these interference campaigns, FireEye suggests the goal was not to specifically disrupt the upcoming United States midterm elections but rather more generally shape political discourse around the world.
Alongside this massive batch of Iranian accounts, Facebook has revealed it also removed an undisclosed number of pages, groups and accounts that US government sources have reliably connected with Russian intelligence services. The new disruptive Russian sources were noted to be not explicitly involved in US-targeted activities, but rather more focused on Syria and Ukraine, disseminating pro-Russia and pro-Assad propaganda.
The new revelation from Facebook comes just one day after Microsoft's Digital Crimes Unit announced it had successfully petitioned a US federal court to transfer control of six internet domains claimed to be fronts for phishing operations. The six domains transferred to Microsoft's control were alleged to be associated with a Russian military intelligence group known as Strontium.
Brad Smith, president and chief legal officer of Microsoft, suggests that Strontium's acquisition of these domains mirrors activity seen in the 2016 US election and the 2017 French election. The activity is designed to target elected officials and political groups in the United States, but these new domains present a broadening of targets.
"One appears to mimic the domain of the International Republican Institute, which promotes democratic principles and is led by a notable board of directors, including six Republican senators and a leading senatorial candidate," writes Smith, describing the types of domains recently claimed from Strontium's control. "Another is similar to the domain used by the Hudson Institute, which hosts prominent discussions on topics including cybersecurity, among other important activities. Other domains appear to reference the U.S. Senate but are not specific to particular offices."
"We're working closely with US law enforcement on this investigation, and we appreciate their help," said Facebook's head of cybersecurity policy, Nathaniel Gleicher, in a statement. "These investigations are ongoing – and given the sensitivity we aren't sharing more information about what we removed."
Source: Facebook Newsroom