As reports have emerged about these closures, more details have come to light about the origins of the relevant pages, as well as their methods and the trends involving hacking collectives and government agencies that run them. Although initial concerns about fraudulent social media use were focused on Russian state actors, other nations have also been implicated, with the Iranian regime standing prominently among them.
The fight against social media disinformation has had the side-effect of confirming separate reports about increasingly sophisticated hacking and cyberespionage activities associated with the Iranian government. And naturally, as these hacking efforts have developed, more and more Iran-linked accounts and pages are being taken down by Facebook. This, in turn, underlines warnings from cybersecurity experts concerning the potential for such operations to continue exploiting new outlets even after preexisting networks have been disrupted.
With this in mind, it stands to reason that the latest reports also describe the exposure of cyber operations that will most likely reorganize and restart after a period of adjustment. Specifically, those reports point to Facebook’s takedown of four separate networks, three of which appeared to have their origins in Iran. Many of those networks’ activities were described as following the familiar Russian model for trolling, in that they posted commentary on American politics which attacked both sides of various issues in an effort to inflame discord.
The NSA reports indicate that US government agencies and officials were among the entities to be compromised by Russian hackers working with their Iranian counterparts. But those same activities also affected at least 34 other countries. Meanwhile, some cyberattacks have been recognized as genuinely Iranian because rather than being focused on fueling political discord, they used false identities in the spread of propaganda that originated in Iranian state media.
These sorts of activities serve as further confirmation of the fact that longstanding cyber activities are still recurring after having been previously exposed and disrupted. In May, the Citizen Lab research group, based at the University of Toronto, determined that Iranian entities had developed a massive network of websites designed to spread false and misleading information in the guise of legitimate news articles. In many cases, those sites relied on a simple misspelling of real news websites in order to sell the deception to hasty or inattentive readers.
Unsurprisingly, Citizen Lab also found that Iran utilized fraudulent social media accounts to facilitate the spread of fake news hosted on other platforms. Many of those same accounts were the target or previous takedowns by Facebook, and many of the Iranian-made websites have been similarly taken down by internet service providers. But Facebook’s latest action suggests that the social media accounts used in this scheme have at least partially reconstituted themselves. And the same may soon turn out to be true of the deceptive websites.