How Facebook used a security firm to catch ‘fake news’ campaigns

Conrad Duncan, Journalist

Tackling online disinformation campaigns

Social media companies have pledged to get serious about tackling online disinformation campaigns in recent months and we’re now beginning to see the fruits of their efforts. Last week, Google, Facebook and Twitter deleted hundreds of fake accounts and pages, some of which were linked to Russia and Iran. The action was made possible by FireEye, a security firm known for its work fighting cyber-attacks against major US companies.

The California-based firm was founded in 2004 and set up to tackle traditional cyber-security threats, such as phishing and hacking attempts. Since then, it has amassed a team of former military and law-enforcement experts and expanded its work to spot election interference and disinformation campaigns. Although companies like Facebook have in-house monitoring teams, they often need to use outside experts to detect threats.

How to spot a disinformation campaign

Lee Foster, manager of FireEye’s information operations analysis team, spoke extensively last week about how the firm uncovered the Iran-linked disinformation campaign. He leads a team which is specifically focused on uncovering influence operations like the one led by Russian organisations during the 2016 US presidential election.

The investigation started when his team spotted a cluster of social media accounts pushing anti-Trump or anti-Israel commentary. Researchers found that many of the accounts, which claimed to be run by left-leaning Americans, shared articles from Liberty Front Press – a website which took much of its content from sites like CNN and Politico.

This tipped off FireEye to look more closely and uncover connections between these accounts which linked them to Iran. They found that Liberty Front Press’ website was originally registered with an email linked to advertisements for web designers in Tehran, which was also used to register for another website. From there, FireEye also found many Twitter accounts supporting Liberty Front Press which were linked to Iranian phone numbers, despite claiming to be run by Americans.

FireEye alerted Facebook to their findings, who launched their own investigation, which led to Twitter and Google taking actions against the accounts. Unlike the Russian influence campaign in 2016, the Iran accounts did not appear to be targeting a specific election but instead supported views which favoured general interests of the Iranian government.

However, FireEye will be expected to monitor social media for disinformation campaigns related to the 2018 US mid-term elections in November. As the barrier to entry for running a campaign like the ones found recently are low, both in terms of cost and skills, future campaigns are likely.

Public pressure

The public praise from organisations such as Facebook and Google has boosted FireEye’s standing in the cyber-security industry – its stock rose by over 6% last week – but some in the industry have raised concerns over the announcements. They argue that statements attributing attacks to specific countries can put pressure on governments to publicly attribute the attack or to act against them. Critics have warned that in the case of the Iran-linked campaign, the US may not be prepared to act against the websites or feel they have enough evidence to blame the country. Therefore, the firm’s intervention could be politically unhelpful.

The success of FireEye shows that the nature of cyber-security has changed, moving away from traditional attacks (hacks and phishing scams) towards a more complicated and covert threat. With that threat unlikely to disappear, you should expect to hear a lot more from companies like it in the future.