Google removes dozens of YouTube channels linked to 'influence operation'

Researchers believe hackers used Chrome extensions and other malicious tools — along with domains issued by a single registrar — to spy on computer users. (Getty Images)

Share

Written by

Google removed dozens of YouTube channels, blogs and social media accounts linked to an “influence operation” allegedly sponsored by the Iranian government, the company announced on Thursday. Google also announced that it had recently notified Gmail users targeted by phishing campaigns from “a wide range of countries,” including Iran.

Google linked the accounts to the Islamic Republic of Iran Broadcasting and dated the operation back to at least January 2017. Based on the global nature of the activity, it appears the operations are not targeted at the U.S. midterm elections.

The action followed Monday’s termination of hundreds of accounts on Facebook and Twitter linked to a group known as “Liberty Front Press,” an effort also tied to Iran.

“Our technical research has identified evidence that these actors are associated with the IRIB, the Islamic Republic of Iran Broadcasting,” Kent Walker, Google’s senior vice president of global affairs, said in a blog post on Thursday. “Actors engaged in this type of influence operation violate our policies, and we swiftly remove such content from our services and terminate these actors’ accounts.”

The accounts identified and terminated included 39 YouTube channels with 13,466 total American views on “relevant” videos, six blogs on the Blogger platform and 13 Google+ accounts, Walker explained. Google has shared its findings with the U.S. government.

Google, Facebook and Twitter all credited work with the cybersecurity FireEye as helping identify some of the alleged influence campaign. FireEye published a full report on Thursday on the subject.

“This operation is leveraging a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with Iranian interests,” according to a FireEye statement earlier this week. “These narratives include anti-Saudi, anti-Israeli, and pro-Palestinian themes, as well as support for specific U.S. policies favorable to Iran, such as the U.S.-Iran nuclear deal (JCPOA).”

FireEye’s report maps the connection between Liberty Front Press and the Iran-based religious website gahvare.com including shared registrant email addresses. The operation extends across multiple websites and social networks including Facebook, Twitter, YouTube and Reddit.

(FireEye)

Citing the need to protect against future abuse, Google itself gave only an overview of the evidence of abuse it found: “Technical data associated with these actors is strongly linked to the official IRIB IP address space, domain ownership information about these actors is strongly linked to IRIB account information [and] Account metadata and subscriber information associated with these actors is strongly linked to the corresponding information associated with the IRIB, indicating common ownership and control.”

The work spotlighted by Google and FireEye on Thursday is not the full extent of the operation, FireEye said.

“We continue to investigate and identify additional social media accounts and websites linked to this activity,” FireEye’s researchers wrote. “For example, we have identified multiple Arabic-language, Middle East-focused sites that appear to be part of this broader operation that we do not address here.”

-In this Story-

FireEye, Gmail, Google, information operations, Iran, YouTube
TwitterFacebookLinkedInRedditGoogle Gmail