FireEye Manager Discusses How Cybersecurity Firm Revealed Propaganda Campaign

NPR's Ailsa Chang talks to Lee Foster, manager of FireEye's information operations intelligence analysis team about how the cybersecurity firm identified a suspected influence operation, appearing to come from Iran.

AILSA CHANG, HOST:

We're about to hear from one of the people responsible for revealing an alleged Iranian propaganda campaign on social media sites, including Facebook, Twitter and Google. Tech companies removed hundreds of accounts this week linked to that operation, some with ties to state-owned media in Iran. The cybersecurity company FireEye exposed all of this.

Lee Foster manages the information operations analysis team at the company, and he joins us in the studio. Welcome.

LEE FOSTER: Thank you for having me.

CHANG: So tell us how you discovered this Iranian campaign.

FOSTER: So we run a dedicated information operations analysis team which is focused on trying to uncover these kinds of influence operations. We saw a number of social media personas purporting to be American left-leaning liberals but kind of pushing commentary that, you know, was related to in particular Israel and Palestine and so on.

CHANG: Yeah.

FOSTER: And so when we see kind of unusual conversations like that, we like to look further at the kind of source of the content. So from there we were able to actually look at this Liberty Front Press site which claims to be kind of an independent media entity but doesn't have any real detail about who it is, who operates it and so on - so very suspicious. And then from there we just kind of unraveled the broader network of activity.

CHANG: That's fascinating. I understand that FireEye does not believe the Iranian campaign was actually targeting the midterm elections here in the U.S., but are you seeing an uptick in cyberattacks in these months leading up to November?

FOSTER: So in the context of the Iranian operation we uncovered, we don't assess it was designed specifically for the purposes of targeting the midterm elections for the reasons that this activity started up at least since last summer. And Facebook's announcement kind of talked about how in fact they identified accounts perhaps going back even as far as 2011.

CHANG: Wow.

FOSTER: Coupled with the fact that there was a very broad geographic diversity in terms of the focus of some of these accounts and sites. We found sites and social media accounts seemingly dedicated to pushing content to audiences not only in the U.S. but the U.K., the Middle East and Latin America.

CHANG: Now, Facebook has also shut down hundreds of accounts connected to Russian intelligence operations. You guys flagged this Iranian campaign. Does it look like the Iranian campaign took a cue from the Russians or there was any coordination? What did you guys find?

FOSTER: We don't see any evidence of coordination. But the findings that we revealed are significant because it does demonstrate there are other actors beyond Russia...

CHANG: Yeah.

FOSTER: ...That appear to see value in pursuing these kinds of online influence campaigns.

CHANG: Now, in the past couple days we've seen so many announcements by big tech firms saying they've discovered these various plots. How much more is out there do you think that hasn't been discovered?

FOSTER: I mean, that's very difficult to quantify, right?

CHANG: (Laughter) We don't know what we don't know.

FOSTER: Who knows, right? When we discovered this activity, it's not like we were out there looking for an Iranian operation.

CHANG: Right.

FOSTER: It's something we stumbled into. The thing about this activity is the barriers to entry are relatively low, right? It doesn't cost, you know, much money if any money to set up a handful of false personas on social media, set up an inauthentic news site. The new sites that we uncovered were often just appropriating content from legitimate news sources, including Western media organizations, interspersing with that some seemingly original content. But really it doesn't take a nation-state to be able to engage in this kind of activity.

CHANG: Do discoveries of these campaigns like this particular discovery your team just made - do they help inform you to be even more vigilant and to be able to detect more easily future campaigns?

FOSTER: So the interesting thing about the campaign we've identified here is how similar it is to other campaigns in terms of the methods and tactics used. But the really kind of big, significant thing about our finding here is it demonstrates that there are actors beyond Russia that are engaging in this type of activity. And so it really highlights just how kind of broad this problem really can be.

CHANG: Lee Foster is the manager of the information operations analysis team for the cybersecurity company FireEye. Thank you so much for coming into the studio today.

FOSTER: Thank you for having me.

Copyright © 2018 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.