Facebook and Twitter uncover 'coordinated' global misinformation operations on huge scale

It is not clear how exactly the Iran-linked accounts were being used

Andrew Griffin
Wednesday 22 August 2018 08:59 BST
A car passes by Facebook's corporate headquarters location in Menlo Park, California, on March 21, 2018 (JOSH EDELSON/AFP/Getty Images)

Technology experts have uncovered a vast misinformation campaign attempting to spread stories on a huge scale.

Facebook and Twitter have found and removed hundreds of accounts that were apparently set up to target users in the US, UK, Latin America and the Middle East. But it is not clear what the campaign was being used for.

The accounts appear to have been tied to Iranian actors, and cybersecurity firms said they appeared to be promoting Iran's geopolitical agenda around the world.

But whether the campaign was being set up to launch any more specific or targeted attack remains unclear. Experts also said they were quite sure about the Iranian connection but not who exactly was controlling the vast web of accounts.

Investigations are ongoing into how exactly the massive misinformation network was able to form and what it was going to be used for.

"There's a lot we don't know yet," Facebook boss Mark Zuckerberg said.

"You're going to see people try to abuse the services in every way possible ... including now nation states," he said. He described the deception campaigns as "sophisticated and well-funded efforts that aren't going to stop."

Russia has been linked to similar online influence campaigns, including an effort to sow political divisions among US voters, but FireEye said its findings showed that the same tactics are now being used for different aims.

"It really shows it's not just Russia that engages in this type of activity," Lee Foster, an information operations analyst with FireEye, told Reuters.

The firm said the Iranian activity included "anti-Saudi, anti-Israeli, and pro-Palestinian themes" and advocacy of policies favorable to Iran such as the US-Iran nuclear deal.

The Iranian mission to the United Nations did not respond to a request for comment.

The finding comes as concerns are rising about foreign attempts to disrupt the U.S. midterm election in November.

Microsoft on Monday said that hackers linked to the Russian government sought to steal email login credentials from U.S. politicians and think tanks.

FireEye said the Iranian activity did not appear "dedicated" to influencing the upcoming election, though some of the posts aimed at U.S. users did adopt "left-leaning identities" and took stances against President Donald Trump.

That activity "could suggest a more active attempt to influence domestic US political discourse" is forthcoming, Foster said, but "we just haven't seen that yet."

FireEye said the US-focused activity ramped up last year, just months after Trump took office, with websites and social media accounts posting memes and articles, some of which were apparently copied from legitimate U.S. and Iranian news outlets.

In some cases, the domains for the fake websites like "US Journal" and "Liberty Free Press" were originally registered years before the 2016 election, in 2014 and 2013, but most remained inactive until last year, FireEye said.

Arabic-language, Middle East-focused websites appear to be part of the same campaign, the company added.

The technology companies variously said they linked the accounts to Iran based on user phone numbers, email addresses, website registration records and the timing of account activity matching Iranian business hours.

FireEye expressed "moderate confidence" about the Iranian origins, but said it has not been able to tie the accounts back to a specific organization or individuals.

Hundreds of thousands of people followed one or more of the Facebook pages implicated in the campaign, Facebook said.

It shared examples of removed posts, including a cartoon depicting an Israeli soldier executing a Palestinian and a fake movie poster showing President Trump embracing North Korean leader Kim Jong-un.

Postings cited by FireEye expressed praise for US politicians and other Twitter users who criticized the Trump administration's decision in May to abandon the Iranian nuclear pact, under which Iran had agreed to curb its nuclear weapons program in exchange for loosening of sanctions.

Some Twitter and Facebook accounts were designed to appear as if they were real people in the US, Britain and Canada, according to FireEye. The accounts used a combination of different hashtags to engage in U.S. culture, including "#lockhimup," "#impeachtrump" and "#notmypresident."

Twitter, which called the effort "coordinated manipulation," said it removed 284 accounts.

Facebook said it removed 254 pages and 392 accounts across its flagship platform as well as its Instagram service. Some of the accounts had events and groups associated with them.

The accounts spent about $12,000 to advertise through Facebook and Instagram using a variety of currencies, Facebook said. The company said it had notified the U.S. Treasury and State departments of the purchases, which may potentially violate sanctions.

Alphabet, which includes Google and YouTube, did not respond to a request to comment.

Facebook said on Tuesday that it also removed some accounts tied to "sources the US government has previously identified as Russian military intelligence services."

Those accounts engaged in "inauthentic behavior" related to politics in Syria and Ukraine, Facebook said, while noting that the activity does not appear linked to the Iran campaign.

Facebook last month removed 32 pages and accounts tied to another misinformation campaign without describing its origins.

Additional reporting by agencies
