Hundreds of Facebook accounts deleted for spreading misinformation

Facebook and Twitter shut down hundreds of user accounts tied to Iran and Russia for spreading misinformation.

Facebook, with the help of cybersecurity company FireEye Inc., removed 652 pages, groups and accounts for "inauthentic behavior" this week. In a statement, Facebook's head of cybersecurity policy Nathaniel Gleicher said that the Facebook accounts deleted originated in Iran and targeted people in the Middle East, Latin America, the U.K. and the U.S.

FireEye gave Facebook a tip in July about a network of pages known as "Liberty Front Press" and from that, Facebook was able to identify more pages in the network and attribute them to Iran.

"We are able to link this network to Iranian state media through publicly available website registration information, as well as the use of related IP addresses and Facebook Pages sharing the same admins," Gleicher explained, adding that some of the accounts they looked at were created in 2013. "Some of them attempted to conceal their location, and they primarily posted political content focused on the Middle East, as well as the U.K., U.S., and Latin America. Beginning in 2017, they increased their focus on the U.K. and U.S."

Most of the Facebook accounts deleted were associated with Iran and had been running paid-for ads on both social media platforms for the last six years; some had even hosted events.

"This operation is leveraging a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with Iranian interests," FireEye Intelligence explained in a blog post. "These narratives include anti-Saudi, anti-Israeli, and pro-Palestinian themes, as well as support for specific U.S. policies favorable to Iran, such as the U.S.-Iran nuclear deal (JCPOA). The activity we have uncovered is significant, and demonstrates that actors beyond Russia continue to engage in and experiment with online, social media-driven influence operations to shape political discourse."

Gleicher said that Facebook is still investigating some of these accounts.

"Since there are US sanctions involving Iran, we've also briefed the US Treasury and State Departments," Gleicher said. "These sanctions allow companies to provide people internet services for personal communications, including the government and its affiliates. But Facebook takes steps to prevent people in Iran and other sanctioned countries from using our ad tools."

Facebook also removed pages, groups and accounts that it had previously identified as being linked to Russian military intelligence services, though they are unrelated to the Iran-linked accounts.

"While these are some of the same bad actors we removed for cybersecurity attacks before the 2016 U.S. election, this more recent activity focused on politics in Syria and Ukraine," Gleicher said. "For example, they are associated with Inside Syria Media Center, which the Atlantic Council and other organizations have identified for covertly spreading pro-Russian and pro-Assad content. To date, we have not found activity by these accounts targeting the U.S."

Following Facebook's announcement that it had taken down these accounts, Twitter said it too had suspended user accounts originating from Iran for "engaging in coordinated manipulation."

Working with our industry peers today, we have suspended 284 accounts from Twitter for engaging in coordinated manipulation. Based on our existing analysis, it appears many of these accounts originated from Iran.

— Twitter Safety (@TwitterSafety) August 22, 2018

Alphabet Inc. also reportedly shut down accounts tied to Iran for running propaganda operations on Google Plus and YouTube.