Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development
DOJ Seizes Domains Used for Iranian Disinformation CampaignsWebsites Were Linked to Islamic Revolutionary Guard Corps
The U.S. Justice Department has seized 92 domains that Iran's Islamic Revolutionary Guard Corps was using to support a global disinformation campaign.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
Iran’s military intelligence unit used the domains, which were disguised as genuine news portals, to spread propaganda in an attempt influence public opinion and sow discord, according to the Justice Department. Of the 92 domains seized, four were active across the U.S. The others targeted audiences in Western Europe, the Middle East and Southeast Asia.
The Justice Department and the FBI seized and shut down the domains on Oct. 7 after Google alerted authorities. Law enforcement officials also worked with Twitter and Facebook to ensure all the Iranian-linked websites were identified.
In September, Twitter announced that it had worked with the FBI to remove 130 accounts that appeared to originate in Iran and attempted to disrupt the first 2020 U.S. presidential debate.
Based on intel provided by the @FBI, last night we removed approximately 130 accounts that appeared to originate in Iran. They were attempting to disrupt the public conversation during the first 2020 US Presidential Debate.— Twitter Safety (@TwitterSafety) October 1, 2020
The Justice Department noted that all the websites seized this week violated the Foreign Agents Registration Act, which requires foreign entities engaged in political activities to regularly disclose their relationship with foreign governments.
"Fake news organizations have become a new outlet for disinformation spread by authoritarian countries as they continue to try to undermine our democracy," says Assistant Attorney General for National Security John C. Demers.
The four fake news domains active in the U.S. were "newsstand7.com," "usjournal.net," "usjournal.us" and "twtoday.net," according to the Justice Department.
The usjournal.net domain was part of a cluster of websites known as International Union of Virtual Media that used content from Iranian state media and other outlets aligned with the government in Tehran, according to a 2018 report by the Atlantic Council's Digital Forensic Research Lab.
The Atlantic Council noted that at least 10 websites were part of the International Union of Virtual Media. The cluster also contained an English-language broadcast channel, news apps and a news aggregator along with other platforms. The Iranian government used these to push content with messages against Saudi Arabia, the U.S. and other Western nations, according to the analysis.
In May, Facebook announced that it removed 118 pages, 389 Facebook accounts, 27 groups and six Instagram accounts that Iran’s state broadcaster - Islamic Republic of Iran Broadcasting – had used to spread pro-Iranian messaging online since at least 2011, according to Reuters.
Eye on Iran Security
With the U.S. election less than a month away, U.S. federal agencies have been warning of heightened disinformation campaigns and other online threats from Iran.
In August, Christopher Krebs, director of the Cybersecurity Infrastructure and Security Agency, warned that hacking and data-leak campaigns against political parties and candidates - as well as broader disinformation campaigns - are some of the biggest threats Iran poses to the November elections (see: Election Security: A Progress Report From CISA's Krebs).
William Evanina, the director of the National Counterintelligence and Security Center, reported to Congress in August that Iran's main focus is to undermine U.S. democratic institutions, as well as the Trump administration, which Iran sees as a threat to its geopolitical interests (see: US Intelligence Adds More Details on Election Interference).
To counter some of Iran's interference and disinformation, the Justice Department announced a string of indictments of Iranian nationals and groups in September. Prosecutors alleged they had ties to hacking and cyberespionage campaigns (see: Will US Indictments of Iranian Hackers Be a Deterrent?).