Hackers are domain-spoofing UK’s top media firms to spread fake news
4 October 2018
Web domains of leading media organisations in the UK such as BBC News, The Guardian, Sky News, ITV News, and the Daily Mail are being regularly spoofed by cyber criminals to spread disinformation and fake news to the public, research by DomainTools has revealed.
Earlier this year, Action Fraud warned people about how cyber criminals were spoofing the websites of well-known UK universities to defraud British and European supply companies out of vast sums of money. Not only did the criminals use spoofed websites to order goods in the names of such universities, in a separate domain-spoofing operation, they used a fake website of Newcastle University to ask prospective students to pay admission and course fees on the website itself aside from sharing their personal details.
Domain-spoofing is not a recent phenomenon but has been used by cyber criminals frequently over the past decade to defraud unsuspecting customers, clients, or students out of vast sums of money. This kind of spoofing involves cyber criminals creating fake domains that look pretty much like those of genuine organisations at first glance, thereby fooling visitors to fake websites.
Cyber criminals frequently mimic the domains of popular e-commerce firms as well to defraud online buyers during sale seasons and obtain credit card details and other personal information of thousands of site visitors.
Top UK media firms are victims of domain-spoofing
New research from DNS-based cyber threat intelligence firm DomainTools has revealed how cyber criminals are now using domain-spoofing to spread disinformation and fake news to the public as well. After analysing domains associated with leading UK media organisations BBC News, The Guardian, Sky News, ITV News, and the Daily Mail, the firm discovered as many as 197 fraudulent domains that mimicked genuine ones.
Some of these fraudulent domains are bbcnew[.]info, theguarsian[.]com, synews[.]co, ifvnews[.]cn, and dailymail[.]cm and these domains can easily fool users who are not paying close attention to check if the web addresses are indeed genuine.
“These malicious domains are a kind-of double whammy, as they can be both engaged in the spread of fake news and in spreading malicious software. While malicious software can be damaging for the organisation or the individual, fake news has a broader corrosive aspect, as it can damage the very institutions on which our democracies stand,” said Tim Helming, director of product management at DomainTools.
“These ideas can polarise and galvanise extreme forces in our country, ultimately ending as a threat to us all, especially where trusted news sources such as the ones above are concerned,” he added.
Considering that there are hundreds of fake domains that mimic those of leading news organisations, the firm is advising online news readers to watch out for domains that have COM-[text] in them, check for typos on websites, coupons, and links, look out for ‘rn’ disguised as an ‘m’, identify the domains in links by hovering over URLs, and double-check if a news item makes sensational or provocative claims about a polarising issue.
Earlier this year, research by DomainTools had revealed that cyber criminals used domain-spoofing to mimic websites of ten well-known and popular charities in the UK such as Cancer Research, The National Trust, NSPCC, Oxfam, The Red Cross, Salvation Army, Wateraid, Save The Children and Unicef. The firm found as many as 170 fake domains and deemed them high-risk for phishing, malware and other forms of cybercrime.
This is, however, not the first time that malicious actors have used fake news and disinformation to spread discontent among the public or to harm the democratic process. In November last year, the government asked departments and officials to monitor social media and to flag articles that disinformed the public after certain articles that appeared on social media spread disinformation and fake news over flu and measles vaccination programmes run by the government.
According to The Mirror, the government was also investigating whether fake news and disinformation over vaccination programmes were the primary reasons behind an outbreak of measles in Liverpool and Leeds. It was believed that unvaccinated children picked up the virus from abroad and were spreading it to the rest of the public.
Yet another Russian conspiracy?
Speaking to The Mirror, Chris Phillips, the former head of the National Counter Terrorism Security Office, said that the disinformation campaign was led and managed by Russian cyber units who were intent on destabilising the UK and the West.
“The Russians have long felt that the UK, America and the European Union is a major threat to them so have developed major strategies in how to interfere with politics, policy, and now it seems the interference is impacting on vital decisions in our daily lives. The art of being able to exert this control over a society is arguably one of the most powerful weapons available in modern warfare.
“If the Russian government, or whoever, wishes to exert this kind of influence, is able to cause difficulty in decisions, in trusting the government of the day in that country, or otherwise trusted media and news organisations, then so much the better for them,” he said.