Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Social Engineering

DOJ Seizes 27 More Iranian-Operated Domains

4 Domains Targeted US Citizens With Pro-Iranian Propaganda, Prosecutors Say
DOJ Seizes 27 More Iranian-Operated Domains

The U.S. Justice Department has seized 27 website domains being operated by Iran's Islamic Revolutionary Guard Corps to conduct a covert influence campaign targeting the U.S. and other citizens from around the world.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The Justice Department reports four of the domains were dedicated to spreading disinformation in the U.S., while the remaining sites were aimed at audiences in other parts of the world. In all cases, the domains were seized with their traffic being redirected to another website, according to court documents.

"Four of the domains purported to be genuine news outlets but were actually controlled by the IRGC and targeted audiences in the United States, to covertly influence United States policy and public opinion, in violation of the Foreign Agents Registration Act (FARA)," the Justice Department says.

The seizure of the domains included assistance from Google and Facebook, prosecutors say.

These seizures follow a similar move in October, when 92 Iranian propaganda sites were taken down by the Justice Department (see: DOJ Seizes Domains Used for Iranian Disinformation Campaigns).

John C. Demers, assistant attorney general for national security, notes the Justice Department has been very active in recent months having also seized Iranian weapons, fuel, and disrupting the country's covert influence infrastructure.

"As long as Iran's leaders are trying to destabilize the world through the state-sponsorship of terrorism and the taking of hostages, we will continue to enforce U.S. sanctions and take other legal steps to counter them," Demers says.

IRGC Operations in the U.S.

The Islamic Revolutionary Guard Corps registered all 27 domains with U.S.-based domain registrars and used top-level domains owned by U.S.-based registries. Because the U.S. government has previously found that the organization provides material support to various terrorist groups, the Department of the Treasury's Office of Foreign Assets Control placed the IRGC on its list of Specially Designated Nationals which required the IRGC obtain a special license to operate the domains, according to federal prosecutors.

The required license was not obtained, the Justice Department says.

The four websites targeting a U.S. audience were rpfront.com, ahtribune.com, awdnews.com, and criticalstudies.org. All purported to be legitimate independent news sites, but were controlled by the Islamic Revolutionary Guard Corps, says the Justice Department.

"They were actually operated by or on behalf of the IRGC to target the United States with pro-Iranian propaganda in an attempt to covertly influence the American people to change United States policy concerning Iran and the Middle East," the Justice Department says.

Fake News

Some of the propaganda noted in the court documents says awdnews.com, also known as Another Western Dawn, published material critical of Saudi-led efforts and the Israeli state. As further evidence, the Justice Department noted the security firm FireEye considered AWDnews.com a fraudulent news site.

"Further, FireEye reported that Twitter account @fairobservers linked to a phone number with the +98 Iranian country code–promoted content on both awdnews.com and whatsupic.com," the court document note.

These four sites were seized for violating the Foreign Agents Registration Act that requires foreign entities to register and submit periodic registration statements containing truthful information about their activities and the income earned, which was not done in this situation, the Justice Department reports.

All the websites were registered under false names and the content originated from Iran, according to the court documents.

The operations conducted prior to being seized fell in line with previously seen Iranian campaigns, says the Justice Department, noting Iran prefers to focus on soft targets.

The court document detailing the Iranian activities cited Philip Howard from Oxford Internet Institute, who was presented as an expert witness at the Open Hearing on Foreign Influence Operations' Use of Social Media Platforms Before the Select Committee on Intelligence of the U.S. Senate on August 1, 2018.

At that time, Howard described Iran as one of several studied countries that have organized dedicated disinformation campaigns, and, in particular, had a recently exposed social media manipulation operation.


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.