Last year, the major tech companies examined how Russia was able to take advantage of various platforms during the 2016 U.S. election. Ahead of the midterms, many are stepping up enforcement with Facebook just detailing another country’s efforts to interfere. Google today joined in and also named Iran as being responsible for a misinformation campaign that used YouTube, Blogger and other services.
The discovery of this “influence campaign” involved working with cybersecurity group FireEye over the past two months to identify three email and Google+ accounts, as well as YouTube channels, with suspicious activity.
Forensic evidence from Google’s Threat Analysis Group, Trust & Safety team, and partners at Jigsaw point to these state-based actors being associated with the Islamic Republic of Iran Broadcasting (IRIB). Google cannot reveal exact technical information as it would be used to further abuse platforms, but at a high-level notes how:
- Technical data associated with these actors is strongly linked to the official IRIB IP address space.
- Domain ownership information about these actors is strongly linked to IRIB account information.
- Account metadata and subscriber information associated with these actors is strongly linked to the corresponding information associated with the IRIB, indicating common ownership and control.
Taken in conjunction with other technical signals and analysis, this campaign from Iran’s state broadcaster has been operational since at least January 2017. Several Google products were used, with those accounts “swiftly” disabled:
- 39 YouTube channels that had 13,466 total US views on relevant videos;
- 6 blogs on Blogger
- 13 Google+ accounts
Google has steps in place to prevent future accounts from being created, and is working with U.S. officials and law enforcement:
Actors engaged in this type of influence operation violate our policies, and we swiftly remove such content from our services and terminate these actors’ accounts. Additionally, we use a number of robust methods, including IP blocking, to prevent individuals or entities in Iran from opening advertising accounts.
The company today also provided an update on the Russian-linked Internet Research Agency and its continuing interference efforts:
Since then, we have continued to monitor our systems, and broadened the range of IRA-related actors against whom we’ve taken action. Specifically, we’ve detected and removed 42 YouTube channels, which had 58 English-language political videos (these videos had a total of fewer than 1,800 U.S. views). We’ve also identified and terminated the account associated with one blog on Blogger.