Security
Headlines
HeadlinesLatestCVEs

Headline

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform.

Wired
#git#intel#auth

IRANIAN women’s rights groups have for months faced a deluge of bots following their Instagram accounts and disrupting their digital outreach operations. Activists say that while they have repeatedly asked Meta, Instagram’s parent company, to stymie the flood of junk followers, more keep coming, totaling in the millions across dozens of organizations operating in Iran and elsewhere around the world.

The targeted bot campaigns, in which a group receives tens of thousands of new followers in as little as a single day, have gained momentum as the Iranian government works to counter broad dissent focused on an array of pressing social issues, including economic hardship. Women’s rights activists say they have faced a particularly aggressive crackdown from the government in recent months, with some surveilled by law enforcement and arrested. As the National Day of Hijab and Chastity approached last Tuesday, women around the country participated in #No2Hijab actions, in which they pushed back their hijabs, revealing their hair, or removed them altogether. Authorities label participants “bad-hijab women.”

Through it all, Instagram has served as a crucial communication platform for feminist organizers because it is one of the few international platforms accessible and uncensored in Iran’s tightly controlled digital landscape.

“More and more people are pushing back against hijab right now; it’s unprecedented and I think the government is feeling threatened by the women’s rights movement,” says Firuzeh Mahmoudi, executive director of United for Iran, one of the organizations that has faced bot targeting on its Instagram page. “So whatever is going on with these bots that have been purchased systematically to target Instagram pages is definitely not a coincidence, in my opinion. We’ve seen about 30 women’s rights groups inside Iran and 40 outside targeted in this way.”

The bot campaigns align with the interests of the Iranian regime, but the actors behind them haven’t yet been identified. The attacks are in some ways subtle because they don’t involve a flood of malicious comments or attempts to take down entire pages. Instead, activists say, their Instagram pages—which often have just a few thousand followers—suddenly gain tens of thousands more in the span of a few hours. The new follower accounts seem to be named using long, systematic strings of unintelligible consonants and numbers. In one example, Mahmoudi says that a United for Iran page jumped from consistently averaging around 27,000 followers to 70,000 overnight. Other activists shared similar stories of their accounts gaining tens of thousands of followers in a few hours in recent weeks and then gaining and losing followers a few thousand at a time after that.

These massive spikes and fluctuations skew administrators’ metrics, making it hard to determine whether they are reaching legitimate followers with their posts and stories. Activists also note that the bot accounts will individually report specific posts to Instagram as abusive to get them wrongly taken down.

“It’s not consistent, but it hasn’t stopped since April,” says Shaghayegh Norouzi, founder of Me_Too_Movement_Iran. “For example, if we are working on a sexual assault report from someone with strong connections to the government, we get a lot of fake followers. In the past 10 days, over 100,000 fake accounts have been added to our public account. They repeatedly report our posts, so Instagram removes our posts. These attacks specifically affect our performance to spread our message and be in contact with women and minorities who need our help.”

Despite having known about the issue for months, Meta tells WIRED that its investigation into the bot attacks is ongoing and not yet complete. “We want everyone to feel safe on Instagram—particularly activists, both in Iran and around the world,” a company spokesperson said in a statement. “We are continuing to investigate the activists’ concerns and will take action on any accounts that break our rules.”

The company says it has been receiving updates about the issues from Iranian women’s rights activists since April and had taken down hundreds of Instagram accounts in connection with the activity prior to this week. Meta describes the bot bombardments as adversarial but says it has not found evidence of automated or scripted activity. When asked what else could explain the patterns the activists have been seeing on their accounts, the company declined to comment on the record.

After WIRED reached out to Meta for comment, the company initially said it “checkpointed” a few hundred more accounts, a protective measure in which potentially suspicious accounts are blocked unless their owner can confirm their identity. Moments prior to publication, a Meta spokesperson said the company was taking down an additional 18,000 accounts that have targeted Iranian women’s rights groups. The company says that, in contrast to the activists’ reports, it does not see evidence that individual posts are being falsely reported and taken down.

Me_Too_Movement_Iran’s Norouzi says her organization has been forced to create a private Instagram page in addition to its public one in an attempt to create a safe space for legitimate users. But multiple page administrators tell WIRED that it is difficult and time-consuming to screen followers and noted that, of course, creating a private page limits who can see posts.

At the end of June, a consortium of activists released a statement with AccessNow about the attacks on Iranian women’s groups, urging Meta to take action against the bots.

“The fake followers have built a campaign of harassment by using high numbers of comments to intimidate and silence these users,” the groups wrote. “The fake followers have also damaged the credibility of the accounts they have targeted, resulting in a significant loss in engagement, likes, and viewership. This campaign is essentially drowning out the real engagement and outreach these accounts previously had.”

Last month, digital rights and security nonprofit Qurium released an analysis of the campaigns targeting Iranian feminist groups. The researchers found that the bots used in April and May seemed to be purchased from a few specific social media marketing companies based in Pakistan. The firms advertise services through which a customer could spend about $50 to purchase 10,000 bot followers or about $1,500 for up to 1 million fake accounts.

“So far, Meta has been slow to investigate this problem, even though the fake followers violate Meta’s ‘inauthentic behaviour policy,’” the groups wrote at the end of June. “They do not depict typical bot-like behaviour, and are potentially being operated by real humans from paid-for troll farms. Despite these complexities, Meta has enough documentation and evidence … to warrant swift action.”

For weeks, numerous groups have been communicating with Meta about the issue. Tord Lundström, Qurium’s technical director, tells WIRED that he has been trying to provide concrete suggestions to the company on how to investigate and identify the bots Qurium discovered in its analysis.

“The response from Facebook can be summarized as follows: ‘We are looking into it, it is very difficult to solve, we have lots of people working on it,’ but nothing happens,” Lundström tells WIRED. “The fake followers, likes, and reviews industry has been camping inside Facebook for years. We have identified dozens of portals inside Facebook providing these services. It takes seconds to find them, but it seems that Facebook has difficulties stopping this market. Why?"

Milad Keshtan, program lead at United For Iran, expressed similar frustrations. “We have really clear action items that Meta could take to help us mitigate these campaigns, but we haven’t seen any response from them, even though we have reached out to them directly,” he says.

Meta emphasized that its investigation is ongoing and that multiple teams within the company are analyzing the activity. But the company did not comment on the record about why it hasn’t specifically acted on the researchers’ recommendations.

And it is a particularly urgent moment for comprehensive action to safeguard the accounts of Iranian women’s rights organizers.

“The Me Too movement in Iran started about three years ago and has grown exponentially in the past six months,” Me_Too_Movement_Iran’s Norouzi says. “Of course, government and anti-feminist movements in Iran do not like this growth and awareness. And it’s not only us as feminist activists, but also whoever has collaborated with us who have experienced these attacks on Instagram. We are in shock that Instagram is letting people use their platform to shut down voices of women and minorities.”

Wired: Latest News

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist