Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] New Access report on fake domain attacks on civil society

Michael Carbone michael at accessnow.org
Wed Sep 11 10:40:22 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi libtech,

Back in May I asked for examples of fake websites and social media
that impersonate civil society and news organizations to include in a
report that we at Access were working on. Thanks to all those who
provided feedback, we have now released the report:

One of These Things is Not Like the Other:
A Report on Fake Domain Attacks
https://www.accessnow.org/FakeDomainsReport [pdf]

The report details how civil society organizations and news media are
the targets of a variety of sophisticated attacks to compromise their
websites and users, including the use of fake websites and social
media profiles. These fake domain attacks may be created with the
intention to draw readership from the original website and display
alternative content, create confusion amongst a targeted community, or
serve malware to compromise the target audience of the original
website. Attacks were seen in countries as diverse as Belarus, Iran,
Vietnam, and Kazakhstan.

We have observed these attacks on the eves of elections and other
important political events, including during critical social and
political periods. Attacks in Iran and Belarus attempted to minimize
the spread of information and disrupt potential civil unrest during
political elections and anniversaries.

Other attacks in Belarus and Kazakhstan utilized the privileged
position internet service providers (ISPs) have in a user’s
interaction with websites to redirect them away from targeted websites
to the fake websites. In addition, many fake domains took advantage of
procuring similarly-named URLs as the targeted website in order to
provide a sense of trust to the unwary user.

As news organizations and citizen media increasingly rely on digital
means to present their work, state-level adversaries are relying on
novel ways of diminishing their impact and targeting their readers.
Our data provides a window into the methods and effectiveness of these
attacks and the type of government environment that gives rise to them.

In addition, our report provides a number of mitigation mechanisms –
technical, policy, and legal – against fake domains for both users and
targeted websites. By providing such frameworks for mitigating these
attacks, we hope this report will give human rights defenders some of
the tools and understanding needed to better protect themselves and
their work in a hostile digital world.

In conjunction with the report, we have released an online tool “Fake
Domain Detective” (fakedomains.accessnow.org) to help organizations
and individuals search for fake domains of civil society and
independent media websites. If you run across any suspected fake
domains or have feedback on the tool, please share your findings with
us at reports at accessnow.org.

Blogpost with overview of the report:
https://www.accessnow.org/blog/2013/08/01/one-of-these-things-is-not-like-the-other-report-on-fake-domains-attacks-on

Read the report [pdf]: https://www.accessnow.org/FakeDomainsReport

Test out the Fake Domain Detective: http://fakedomains.accessnow.org

Report suspected fake domains: reports at accessnow.org

The report was written and managed by Michael Carbone; data analysis
and visualization by Béchir Nemlaghi and Dillon Reisman; policy and
legal analysis by Peter Micek, Drew Mitnick, Wes Paisley; design by
Mira Rojanasakul; Brett Solomon, Gustaf Björksten, Jochai Ben-Avie.

Let me know if you have any thoughts or comments, thanks!

Best,
Michael

- -- 
Michael Carbone
Manager of Tech Policy & Programs
Access | https://www.accessnow.org
michael at accessnow.org | PGP: 0x81B7A13E
PGP Fingerprint: 25EC 1D0F 2D44 C4F4 5BEF EF83 C471 AD94 81B7 A13E

-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJSMKsGAAoJEDH9usG3Jz33EhAP/RmSOa/j8XQj0H/HkM3QONjr
5qcwr2Eli08U6meu5uzrsesx1yCykB1SlJeeWi4GbKPjIejQrg8nfzWvJyvq40+l
yJgDFOE9M0I5UFWu+FcPXIezEiCJSwhgQd2Qe7kgUOwrmCzCsWfJmFkQQeU918dc
/f+sLW+DR0g1vTZXvFc3b1nd8CI1y9Gx+KacoM3HX4SIikDKn+UDfvmetvJ3K3EH
FwuIQssBRNAy4bhSEKUAz8j8EFCBze66zA0vnTMFL/szkM3khH+D7PawaYUAy74g
/cTs2DMnIEObBLgcJnRue5mXjpMjm6Rx0J7hl9oIS+IybOTkpJAsPpq/yT1NwRRg
nFxNdSOCWeZkgExuvzFgK/hNeJN4PbYNFmwyKixYLxln+G1jYsCP9k2x5OAXV4E5
G5Al7fbBvZEKRh+h/htsyUs6VJfVHq81mCX0xT60BH4rM8e35j7R6NkQbwsZ94AH
v6jCmCKK6ZpiA08z3yuRdXQpHiaoXNZDyRay8Er91abMyFhfv7V0OWGBE0/2fhXh
Qgw8Nqtyd8+v76TuSWc22z7ymHvQ8r40zU0N185AuA2Qcr9/lJ85wvQCKZyYzJQX
phdGoDiWuz9dmdgC6RwPnX6PfA4TBHmu/WknWjBLkrFJmRHdhleBal96D0yX3qyx
DGk+mMtrMkp28aSohcNC
=HZx0
-----END PGP SIGNATURE-----



More information about the liberationtech mailing list