x

Abu Dhabi, UAETuesday 11 December 2018

Iran disinformation campaign reaches 15 countries and more than half a million people

Global influence operation targets volatile areas of the world such as Egypt and Yemen, new report shows

The Iranian hacker group sent spear phishing emails to its targets between July 2 and July 29. AP
The Iranian hacker group sent spear phishing emails to its targets between July 2 and July 29. AP

Iran’s disinformation operation across Facebook, Twitter and Instagram spans 15 countries and reaches more than half a million people every month, according to a new investigation.

The Tehran-based network includes more than 70 websites that push propaganda in support of the Islamic Republic’s policies, Reuters found.

The Iranian cyber-effort was revealed by security company FireEye in August, leading to social media companies removing hundreds of social media accounts linked to Tehran. But the true scale of the influence operation is slowly being uncovered by cybersecurity experts, social media firms and journalists.

The dozens of sites have been active since 2012, disguise themselves as regular news outlets and are promoted by social media accounts that boast more than a million followers. Some of the front outlets even pretend to be based in other countries when really they are being run out of the Iranian capital.

One news outlet, according to Reuters, alleged that it was based in Tahrir Square in the Egyptian capital, Cairo. Nile Net Online promised its Egyptian audience “true news” in a bid to “expand the scope of freedom of expression in the Arab world”.

But a location search showed that its office pointed to the middle of a road, and not a true location anywhere in Cairo. Its phone numbers did not work and locals had never heard of the site. Egypt is a strict censor of internet content and the ability of the operation to reach an Egyptian audience with pro-Iranian news and views is significant.

The Twitter logo is seen on a sign at the company's headquarters in San Francisco, California. AFP
The Twitter logo is seen on a sign at the company's headquarters in San Francisco, California. AFP

The investigation found that the Iranian operation is targeting volatile areas of the Middle East, such as Egypt and Yemen, where the Arab Coalition is battling Iran-backed Houthi rebels after their overrun of population centres in 2014. Ten of the 70 or more sites were focused on targeting readers in Yemen.

It also targeted readers in Sudan and Russia. Sudan has switched allegiances from Tehran to Riyadh and is a core target of the operation. A site in the Iranian-linked network is Sudan Today which receives more than 100,000 unique visitors every month. The website is based at a fake address and its numbers, like Nile Net, do not work.

The front site for Sudanese readers does not only include news that aligns with Iran’s views, but coverage intended to incite the population. It covers topics such as bread prices in the country, the subject of protests earlier this year.

_______________

Read more:

Iran's Zarif slams Twitter for 'influence op' crackdown

Iran hackers ramping up attacks on Gulf energy firms

Inside Iran's disinformation campaign on the West

_______________

One of the sites, entitled Another Western Dawn, duped the Pakistan Defence Minister into threatening Israel with nuclear war on social media in 2016, based on a fake news article.

The core target of the network of sites are Iran’s predominant adversaries: Israel, Saudi Arabia and the United States. One site runs constant updates about alleged Saudi “crimes” in Yemen.

These sites have a much broader reach than those revealed by FireEye, which only revealed six websites in its probe. The newly-revealed batch of websites deliver news in up to 16 languages, including Urdu and Azerbaijani.

Iran's disinformation operation claims to have a publication in Cairo's Tahrir Square. Reuters
Iran's disinformation operation claims to have a publication in Cairo's Tahrir Square. Reuters

Reuters found that at least 21 of the sites shared phone and address details with an online agency called the International Union of Virtual Media (IUVM), which says on its website it is headquartered in Tehran. It could not verify that the sites were explicitly linked to the Iranian government.

But FireEye said it was confident that the sites that it had uncovered, which are part of the newly-disclosed collective of sites, had a close link to the Iranian government after four years of tracking their activity.

A hacker group linked to the network has tried to spread malware against Iranian regime adversaries, including “GCC states”, leading the security firm to the assumption that it is likely regime-backed.

Twitter has now suspended the accounts of Nile Net Online and Sudan Today in light of the new investigation.