Executive Summary
Over the past decade, the internet has dramatically transformed how information spreads, with both good and bad consequences. One of the most prominent problems the internet has amplified is disinformation.
Disinformation takes place when misleading or biased information is deliberately spread by threat groups, nation states, counter-intelligence groups, or interest groups. It can take many forms, from fake news to memes and propaganda, all of them seeking to influence and control public opinion.
These campaigns leave behind evidence in the form of digital artifacts, such as IP addresses or URLs. Maltego can quickly enrich and link these artifacts to present a visual map of the campaign’s online infrastructure, providing a deeper understanding of how specific disinformation spreads and who might be behind it.
Map the Online Infrastructure Behind Disinformation
The goal of the following workflow is to use Maltego to retrieve information related to the Iranian network infrastructure suspected by the US Department of Justice (DoJ) of spreading disinformation. To do so, we will be using the following Hub items: WhoisXML and the Maltego Standard Transforms.
We will start our investigation with three of the domains that were seized by the DoJ in June 2021 for allegedly spreading disinformation: presstv[.]com, lualuatv[.]com, and almasirah[.]net. We will use these domains to gauge the possible size of the impact suffered by this disinformation machine after the domain seizure took place.