Facebook has closed down more than 600 accounts and pages due to malicious activity it has linked to the Russian military and Iran in yet more instances of foreign actors infiltrating the social network to spread propaganda.
On Tuesday night, Facebook convened a call with media headed by CEO Mark Zuckerberg to outline the new cases of "inauthentic" activity--accounts that conceal their true identity usually in order to influence the online discussion around politics and social causes.
Cyber security firm FireEye, which worked with the social network to investigate some of the fraudulent activity, said in a blog post that "it's aimed at audiences in the U.S., U.K., Latin America, and the Middle East. This operation is leveraging a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with Iranian interests."
Iranian state media operated what Facebook called a "network of Facebook Pages as well as accounts on other online services" using cover names like "Liberty Free Press" and "Quest 4 Truth." The networks were used to spread pro-Iranian, pro-Palestinian, anti-Saudi Arabia and anti-Israel propaganda.
"The activity we have uncovered is significant," FireEye wrote in its blog post. "And demonstrates that actors beyond Russia continue to engage in and experiment with online, social media-driven influence operations to shape political discourse."
In one disinformation campaign, FireEye saw inauthentic social media accounts pretending to be supporters of Sen. Bernie Sanders that promoted Quds Day, an Iranian holiday honoring Palestinians. In other instances, similar accounts promoted Iranian political interests, such as supporting the nuclear deal that President Trump pulled out of this year. The activities were not relegated to just Facebook and included Instagram and Twitter, according to Facebook and FireEye. Twitter posted this late Tuesday:
Working with our industry peers today, we have suspended 284 accounts from Twitter for engaging in coordinated manipulation. Based on our existing analysis, it appears many of these accounts originated from Iran.
— Twitter Safety (@TwitterSafety) August 22, 2018
"In the context of the U.S.-focused activity, [the disinformation campaigns include] significant anti-Trump messaging and the alignment of social media personas with an American liberal identity," FireEye wrote. "However, it is important to note that the activity does not appear to have been specifically designed to influence the 2018 U.S. midterm elections, as it extends well beyond U.S. audiences and U.S. politics."
Facebook broke the Iranian-linked investigation into three separate parts that appeared to use different tactics affiliated with different accounts and targeting different regions. One part of the investigation found accounts linked to "Liberty Free Press" that engaged in traditional cyber attacks, like attempts at hacking other people's accounts and spreading malware, Facebook said.
Facebook also uncovered more than $12,000 in ad spending by inauthentic accounts, but did not disclose details of the ad campaigns nor what they were meant to influence. Facebook did not reveal all the details of the latest investigations, such as the names of all the hundreds of fake accounts and examples of posts that they shared on the social network and Instagram.
"These investigations are ongoing," Facebook said in its blog post attributed to Nathaniel Gleicher, head of cyber security policy. "And given the sensitivity we aren't sharing more information about what we removed."
Last year, Facebook disclosed that 475 fake accounts traced back to Russia bought more than $100,000 in ads around the time of the 2016 U.S. election.
Since then, Facebook has made it harder to buy political and issue-based ads, making advertisers prove their identities and locations. Facebook also now discloses all political and issue-based ads in an online archive.
As part of the latest round of investigations, Facebook said it removed more pages, groups and accounts linked to sources that the U.S. government has identified as Russian military services.
"These are some of the same bad actors we removed for cybersecurity attacks before the 2016 US election," Facebook said in the blog post. "This more recent activity focused on politics in Syria and Ukraine."