There are times when Iran seems to be one of the most sophisticated nations in the world when it comes to covert operations. They don’t have the level of techniques employed by espionage experts in the United States, Russia, or Israel, nor do they have the technical prowess of China or North Korea, but they have a level of deceptiveness that makes them formidable nonetheless.
But when it comes to disinformation campaigns, they’re ineptitude is almost comical, as Citizen Lab revealed early this morning. The media and technology watchdog and research group has built a reputation for uncovering some of the most complex disinformation schemes conducted across the internet. Their comprehensive uncovering of Endless Mayfly is another huge feather in their bountiful cap.
Here are the key findings from their report:
- Endless Mayfly is an Iran-aligned network of inauthentic personas and social media accounts that spreads falsehoods and amplifies narratives critical of Saudi Arabia, the United States, and Israel.
- Endless Mayfly publishes divisive content on websites that impersonate legitimate media outlets. Inauthentic personas are then used to amplify the content into social media conversations. In some cases, these personas also privately and publicly engage journalists, political dissidents, and activists.
- Once Endless Mayfly content achieves social media traction, it is deleted and the links are redirected to the domain being impersonated. This technique creates an appearance of legitimacy, while obscuring the origin of the false narrative. We call this technique “ephemeral disinformation”.
- Our investigation identifies cases where Endless Mayfly content led to incorrect media reporting and caused confusion among journalists, and accusations of intentional wrongdoing. Even in cases where stories were later debunked, confusion remained about the intentions and origins behind the stories.
- Despite extensive exposure of Endless Mayfly’s activity by established news outlets and research organizations, the network is still active, albeit with some shifts in tactics.
It was initially believed the organization was a Russian proxy, but their techniques and subjects eventually pointed to a likelihood of Iran being involved. While Citizen Lab rightly proclaims a likelihood instead of certainty of Iranian involvement, the data seems to be so clearly linked to Iran that there are only two reasonable explanations: either it is someone trying awfully hard to appear to be linked to Iran, or it’s Iran.
I’m going with the latter.
Their favored technique seems to be establishing fake websites with names close enough to legitimate websites that they’re able to fool prolific social media users and eager journalists dying for a juicy story. Buzzfeed News fell victim to one such instance on a website that looked identical to The Guardian, but that used a URL with a Turkish symbol replacing the “i” in “Guardian.”
They weren’t the only ones fooled. This operation seems to be quite vast.
But there were other obvious signs of falsehood that should have been noticed by the “useful idiots” propagating their disinformation. One article linked to from the report shows plenty of errors that a trained journalist should have noticed, and in this case, he did.
On November 5, 2018, Ali Al-Ahmed, a Washington-based expert in terrorism in the Gulf states and a vocal critic of Saudi Arabia, received a direct message on Twitter from “Mona A. Rahman” (@Mona_ARahman, now suspended).
After engaging in some polite conversation in Arabic with Al-Ahmed, “Mona” shared what appeared to be an article from the Harvard Kennedy School’s Belfer Center. The article contained a purported quote from former Mossad director Tamir Pardo, alleging that former Israeli Defense Minister Avigdor Lieberman had been dismissed by Netanyahu for being a Russian agent. These allegations, if true, might reasonably be expected to strain relations between Russia and Israel.
The story sent to Al-Ahmed is so loaded with spelling and grammatical mistakes, it’s a wonder anyone could get fooled if this is indicative of the quality of Iran’s disinformation work.
If we assume Iran is, indeed, behind all of this, what does that tell us? We know tensions have been rising between Iran and both the U.S. and Israel. We can assume if they’ve been working at this since at least early 2016, they’ve had an agenda that extended to long before President Trump was elected. They probably found it unlikely he would be. So their goals weren’t to influence the U.S. elections as much as they were intended to shift sentiment from the rest of the world towards the United States, Israel, and Saudi Arabia.
The full report is a wonderful read. As research on such topics, this one is exhaustive and enlightening.
But it still doesn’t answer the question of what this all means for the geopolitical positioning of Iran. They clearly want something, but that something has very likely changed since inception. Their economy was starting to flourish when President Obama was in office. Under President Trump, their economy has begun a rapid fall, prompting alleged actions ranging from sabotaging oil tankers to preparing to strike U.S. targets. They are desperate, and having access to a disinformation organization may help them seed discontent with the United States as our military stance in the Persian Gulf becomes more aggressive.
Iran has been acting like a wild animal cornered by superior forces ever since President Trump started pulling back the layers of protection given to them by President Obama. What will they do next? Their desperation is showing.