Acting on a tip from FireEye about a network of Facebook pages and accounts on other sites called “Liberty Front Press,” Facebook discovered coordinated inauthentic behavior aimed at persons in the Middle East, Latin America, U.K. and U.S.
The company was “able to link this network to Iranian state media through publicly available website registration information, as well as the use of related IP addresses and Facebook Pages sharing the same admins,” wrote Nathaniel Gleicher, Head of Cybersecurity Policy.
Some of the accounts, dating back to 2013, “attempted to conceal their location, and they primarily posted political content focused on the Middle East, as well as the U.K., U.S. and Latin America,” Gleicher said, explaining that the in 2017 the focus was increasingly on the U.S. and U.K.
“Accounts and Pages linked to ‘Liberty Front Press’ typically posed as news and civil society organizations sharing information in multiple countries without revealing their true identity,” he said.
The accounts attracted about 155,000 followers on Facebook and 48,000 on Instagram.
The second part of Facebook’s probe revealed “links between ‘Liberty Front Press’ and another set of accounts and Pages, the first of which was created in 2016,” that “typically posed as news organizations and didn’t reveal their true identity,” Gleicher said. “They also engaged in traditional cybersecurity attacks, including attempts to hack people’s accounts and spread malware, which we had seen before and disrupted.”
A third segment of the probe in August 2017 “uncovered another set of accounts and Pages, the first of which was created in 2011, that largely shared content about Middle East politics in Arabic and Farsi,” he said. “They also shared content about politics in the U.K. and U.S. in English.”