Iranian Fake News Websites Exposed

Uploaded on 2019-06-11 in TECHNOLOGY-Key Areas-Social Media, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

The Citizen Lab at University of Toronto have released a case study of Endless Mayfly, “an Iran-aligned network of inauthentic websites and online personas used to spread false and divisive information primarily targeting Saudi Arabia, the United States, and Israel.”  Here’s how the “disinformation supply chain” worked:
 
Step 1: Create personas: Endless Mayfly personas establish social media identities that are used to amplify specific narratives and propagate Endless Mayfly content.
 
Step 2: Impersonate established media sites: Using typosquatting and scraped content, sites are created to impersonate established media outlets, such as Haaretz and The Guardian, which then serve as platforms for the inauthentic articles.
 
Step 3: Create inauthentic content: Stories combining false claims and factual content are published on the copycat sites or as user-generated content on third-party sites.
 
Step 4: Amplify inauthentic content: Endless Mayfly personas amplify the content by deploying a range of techniques from tweeting the inauthentic articles to privately messaging journalists. Multiple Iran-aligned websites also propagate content in some instances. In one case, Bot activity was observed on Twitter.
 
Step 5: Deletion and redirection: After achieving a degree of amplification, Endless Mayfly operators deleted the inauthentic articles and redirected the links to the legitimate news sites that they had impersonated. References to the false content would continue to exist online, however, further creating the appearance of a legitimate story, while obscuring its origins.
 
One of the fake articles created was purportedly by The Atlantic. The articles were fake and it wasn’t too hard to tell if you’re a savvy news reader, though that doesn’t mean that some legitimate media outlets weren’t fooled.  WhatsApp has tried to fight the spread of fake news by adding app controls that limit the number of times a message can be forwarded to five. But recently Reuters reported how easy it is to get around those controls: 
 
“WhatsApp clones and software tools that cost as little as $14 are helping Indian digital marketers and political activists bypass anti-spam restrictions set up by the world’s most popular messaging app.”
 
Key Findings
• Endless Mayfly is an Iran-aligned network of inauthentic personas and social media accounts that spreads falsehoods and amplifies narratives critical of Saudi Arabia, the United States, and Israel.
• Endless Mayfly publishes divisive content on websites that impersonate legitimate media outlets. Inauthentic personas are then used to amplify the content into social media conversations. In some cases, these personas also privately and publicly engage journalists, political dissidents, and activists.
• Once Endless Mayfly content achieves social media traction, it is deleted and the links are redirected to the domain being impersonated. This technique creates an appearance of legitimacy, while obscuring the origin of the false narrative. We call this technique “ephemeral disinformation”.
• The investigation identifies cases where Endless Mayfly content led to incorrect media reporting and caused confusion among journalists, and accusations of intentional wrongdoing. Even in cases where stories were later debunked, confusion remained about the intentions and origins behind the stories.
• Despite extensive exposure of Endless Mayfly’s activity by established news outlets and research organisations, the network is still active, albeit with some shifts in tactics.
 
CitizenLab:       NiemanLab:        
 
You Might Also Read:
 
Cognitive Science Can Explain Why Fake News Works:
« Three New Free Cyber First Courses For Students
Ford Cars Employ New AI Systems »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

PrimaTech

PrimaTech

PrimaTech provide process safety, cyber and process security, and risk management consulting, training and software for the process industries.

X4 Technology

X4 Technology

X4 Technology is a leader in finding the very best technology talent for some of the world’s most innovative start-ups and globally recognised brands.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

Siemens

Siemens

Siemens Industrial Security Services provide solutions for cybersecurity in automation environments based on the recommendations of the international standard IEC 62443.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

BlackScore

BlackScore

BlackScore is a technology company seeking to disrupt risk assessment using AI-driven technology.

Venkon

Venkon

Venkon provides effective and unique solutions to cyber-security threats and IT compliance requirements of your organization.

E2E Technologies

E2E Technologies

E2E Technologies are a proactive, SLA-beating, managed service provider that busts the common stereotypes surrounding IT.

Data#3 Limited (DTL)

Data#3 Limited (DTL)

Data#3 Limited (DTL) is a leading Australian IT services and solutions provider.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

Acclaim Technical Services (ATS)

Acclaim Technical Services (ATS)

ATS provide operational products, services and solutions to the defense and intelligence communities for all types of critical mission needs.

BioID

BioID

BioID are a German company offering deepfake detection, liveness detection, facial authentication & identity verification as a Service. 

InfoTrust

InfoTrust

InfoTrust is a leading specialised cybersecurity practice that combines a customer-first consulting approach with next-generation security solutions.

RunReveal

RunReveal

RunReveal's mission is to make sure no breach goes undetected. That means having a product that is accessible and effective for companies of all sizes.

RST Cloud

RST Cloud

RST Cloud is a cutting-edge technology company that specialises in threat intelligence solutions for businesses of all sizes.