Westminster attack: the day after
An armed police officer patrols by a security cordon set up along Whitehall by the Houses of Parliament, London. Justin Tallis/AFP

Kremlin-linked trolls active on Twitter and Facebook used fake profiles to incite anger and spread social division following UK terror attacks, experts have claimed.

At least 47 accounts posted divisive updates in the wake of terrorist incidents, including the attacks at Manchester Arena and London Bridge, spreading 475 messages shared over 150,000 times. Inflammatory statements were made "within 15 minutes" of the tragic events.

A report released Monday (18 December) from the Cardiff University Crime and Security Research Institute (CSRI) revealed the posts were part of a "systematic" campaign directed at the UK.

It said the level of influence some accounts had was "more extensive than has been reported to date".

One of the exposed Twitter profiles, @TEN_GOP, was first linked to a Kremlin troll farm – a state-backed effort to use the web for disruption – in October this year.

Experts at the time found that it had posed as a Republican profile for nearly two years, and at one point had been retweeted by Donald Trump.

One of the tweets noted by the Cardiff researchers was a @TEN_GOP screenshot taken from news footage of the London Bridge attack, claiming Muslims had been laughing at the scene.

A separate anti-Islam tweet, posted following the Manchester bombing, had been circulated thousands of times. The divisive message stated: "Another day, another Muslim terrorist attack. RETWEET if you think that Islam needs to be banned RIGHT NOW!"

In total, the paper found that the number of original messages from fake accounts reached 293 following the attack in Manchester, 35 after Westminster, 140 after London Bridge and seven after the incident at Finsbury Park. The accounts attempted to gain support from UK right-wing figures, including Nigel Farage and Tommy Robinson, in order to boost their reach.

A high proportion of the most active accounts were claiming to offer "breaking news". The full scope of reach – and, ultimately, their effectiveness – remains difficult to quantify, experts said.

The report was funded by CREST, the Centre for Research and Evidence on Security Threats. It was based on a set of "30 million data points from various social media platforms".

It concluded: "It is quite likely that there are additional accounts that we have not identified because they are more directly concerned with British and European issues. The fake accounts underpinning this analysis are more likely to have been concerned with American affairs.

"The evidence suggests a systematic strategic political communications campaign being directed at the UK designed to amplify the public harms of terrorist attacks."

Anthony Glees, a University of Buckingham expert, told The Times: "It's self-evident they aim to confuse, to mobilise and radicalise public opinion, hoping to set off a chain reaction which could ultimately lead to violence on the streets and so to a breakdown of law and order.

Russia hacker
Russian hackers were using Twitter to spread messages after terror attacks in the UK, new research has found iStock

"This goes way beyond a simple attempt to influence the way a person votes in an election," he added.

Facebook and Twitter have faced intense scrutiny following the Moscow-led campaign allegedly designed to influence the outcome of the 2016 presidential election in the US.

Facebook recently admitted to selling advertising to Russia-linked accounts that were used to seed political and racial tension.

Twitter said it found a total of 201 accounts with evidence of suspicious Russia affiliations.

In recent weeks, speculation has mounted over how similar accounts could have been used to influence the Brexit vote. The Kremlin has denied all links to the clandestine operations.

US intelligence, however, believes the nation's president, Vladimir Putin, sanctioned the scheme in an attempt to aid the rise of then-president elect Donald Trump to the White House.

You can read the full CSRI report here.