Hackers planted Trump smears and pro-Iran trolls spread them


President Trump died from the coronavirus and handed over power to Mike Pence. Black Lives Matter protesters were surrounding Clinton’s home in New York and firing. These are some of the fake stories that tried to fool readers for a few moments earlier this month through the hacked Twitter account of an Israeli news outlet. Twitter says the trolls amplifying them are linked to Iran.

The incident was over quickly, and the outlet, Israel Hayom, regained control of its account. But the hack was not a one-off. Over the past year, hackers have broken into the Twitter accounts of many news organizations and at least one website to spread fake stories. A new investigation by the Daily Beast and Mandiant Threat Intelligence suggests that hackers in Iran may be behind the incident.

The fake Twitter accounts used to amplify the Israel Hayom stories have also been used to hype bogus articles planted by hackers on an Orthodox Jewish news website and on the Twitter account of a Bahraini news outlet. The Iran-linked accounts also drew attention to a fake account impersonating Zeke Emanuel, one of America’s most famous doctors.

The Daily Beast shared its findings with Twitter. The social media company then suspended about 80 accounts for violating its policies on impersonation, coordinated amplification, and platform manipulation and spam.

“At this stage, we are conducting a full investigation but preliminary technical and behavioral indicators indicate that these accounts are interconnected and have their origins within Iran,” a Twitter spokesman said in a statement. “As always, we disclose every single account and tweet we can confidently associate with state actors in our public archive – the only one of its kind in the industry.”

The Daily Beast was unable to identify the specific hackers responsible for the breaches of the Twitter accounts and website. But the coordinated, overlapping amplification of the break-ins by Iran-linked accounts on social media suggests a link between the hackers planting the stories and the troll accounts promoting them.

A trail of hacks

When the hackers broke into Israel Hayom’s Twitter account to fool users into thinking Trump was on the verge of death and Black Lives Matter was coming after Clinton, they also slipped in a regional topic. Following the fake tweets about US politics, the hackers falsely claimed that Israeli authorities had found a Hezbollah submarine off the coast of Haifa.

As users openly called attention to the phony content, a handful of Twitter accounts jumped into a coordinated defense of the stories with cut-and-paste talking points to try to rebut the skeptics. Examples include “The term hack is well used to hide the real weakness of Israeli forces!” and “We must acknowledge Hezbollah’s great military capability to destroy Israel.”

These amplification efforts, while lame and unsuccessful, point to a similar hacking incident involving Iran-linked propaganda.

Twitter accounts @Fahad_Lam 1989 and @ Jessica 22૨૨૨૨8874, who later claimed to be former ABC News reporters, spent most of their short existence promoting a story posted on the website of the Israel-based Jewish news and TV organization Hidabrot.

The story, since removed and written in clumsy Hebrew, included fake quotes from Israeli ministers in which they compare Arab leaders to donkeys in the wake of Israel’s normalization agreement with the United Arab Emirates.

In an email to the Daily Beast, site administrators said the site had been hacked before the fake story was posted.

@Fahad_lam1 also frequently posted in replies to the tweets of legitimate news organizations, linking to hacked tweets from the Bahraini news organization Al Bilad, which lost control of its Twitter account in August and September. Tweets from Al Bilad’s compromised account have since been deleted, but screenshots captured at the time show that, like the fake Hidabrot story, they criticized the UAE’s normalization of diplomatic relations with Israel. In an Instagram post, Al Bilad confirmed that it had been hacked and was subject to a series of break-in attempts at the time.

It is still unclear who was responsible for the account break-ins amplified by the Iran-linked trolls. According to Lee Foster, senior manager of information operations analysis at Mandiant Threat Intelligence, the compromise of legitimate news sites to post fake news articles is one of the concerns of cyber security researchers.

“The compromise of legitimate news websites for posting fake stories is one of the tricks we’ve seen from various actors, and one that we’re concerned about considering the validity of those sites and their direct reach with a large audience,” Foster said.

Impersonation

Calling attention to the hacked stories was not the only attempt by trolls affiliated with Iran to get eyes on their propaganda. When hackers could not steal real estate on a legitimate news organization’s website or Twitter account, the trolls associated with Iran impersonated prominent figures in an attempt to trade on their standing with the audience.

Among the targets of the campaign was Dr. Zeke Emanuel, the brother of Rahm Emanuel, Obama’s chief of staff at the White House, and chairman of the Department of Medical Ethics at the University of Pennsylvania. The fake Zeke Emanuel account warned that Black and older Americans would be forced to seek treatment for COVID-19 at a FEMA camp, a conspiracy story promoted by pro-Iran troll accounts.

“I didn’t have a Twitter account before,” Emanuel told the Daily Beast in an email. “Someone complimented me on Twitter and that was the first time I found out about that account. To be honest, the impersonation was very good.”

As previously reported by The Daily Beast, pro-Iranian trolls pushed the same kind of racist narrative about the pandemic, using the same kind of impersonation, in mid-May. At the time, an account in the name of a real World Health Organization executive, mistakenly verified by the social media company, pushed a false conspiracy theory about the Trump administration testing a coronavirus vaccine on Black Americans, in a clear callback to the Tuskegee experiments.

Iranian trolls also impersonated an Israeli hospital executive in an attempt to embarrass the Tajik president and his son. The account, posing as the CEO of a private hospital in Herzliya, falsely claimed that Rustam Emomali, the speaker of the Tajik National Assembly and son of Tajik President Emomali Rahmon, was treated for rectal cancer in Israel. Emomali and the Tajik government have denied the allegations, calling them “intentional provocations.”

The actual Israeli hospital executive did not respond to requests for comment. Twitter suspended the impersonating account after it was reported to the company by the Daily Beast.

Relations between Iran and Tajikistan have been strained since a recent spate of allegations that Iran funded terrorists in the Central Asian country during its civil war in the 1990s.

Endless Mayfly

Twitter suspended four additional accounts found by the Daily Beast and Fire but has not yet linked them to any major campaigns or actors.

Iranian actors have been credited with using a number of tactics, including the use of fake tweets from hacked Twitter accounts to criticize Europe and Saudi Arabia, with the accounts mainly presenting themselves as journalists.

In June, hackers seized a long-running Twitter account, @ArabiaNow, run by the lobbying company Qorvis Communications on behalf of the Saudi embassy in Washington D.C., and used it to post claims that the Trump Organization had obtained construction contracts in Saudi Arabia and that the Saudi government had awarded a contract to the Israeli cyber security firm Check Point.

Qorvis did not respond to a request for comment from the Daily Beast.

The four accounts also tweeted spoofed domains mimicking the websites of legitimate news organizations, similar to the disinformation campaign known as Endless Mayfly. The University of Toronto’s Citizen Lab, which first described Endless Mayfly, called it an “Iran-aligned” disinformation operation that spoofs real news websites with typo-squatting (registering lookalike domains that are easy to mistype) to push narratives about Saudi Arabia, the United States, and Israel.

The spoof sites tweeted by the four suspended accounts seem to come straight from the Endless Mayfly playbook: the stories focused on the U.S., Israel and Saudi Arabia, and their amplification was spammed in Twitter replies to the accounts of real news outlets. These sites, resembling the actual pages of The Independent Australia, Israel National News and Novellobs, were used to spread fake stories about Israeli Prime Minister Benjamin Netanyahu’s son, using misspelled URLs or copies of the real site addresses under different top-level domains.

And while Twitter has not yet attributed the four accounts to any larger campaign or actor, they share some overlap with the recently suspended accounts linked to Iran. Specifically, the four accounts amplified both the fake Zeke Emanuel account and the Al Bilad Twitter account hack, mirroring the activity of the Iranian trolls attributed by Twitter. In other words, they appear to be part of a broader, pro-Tehran disinformation push.
