Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] New Access report on fake domain attacks on civil society

Michael Carbone michael at
Wed Sep 11 10:40:22 PDT 2013

Hash: SHA1

Hi libtech,

Back in May I asked for examples of fake websites and social media
that impersonate civil society and news organizations to include in a
report that we at Access were working on. Thanks to all those who
provided feedback, we have now released the report:

One of These Things is Not Like the Other:
A Report on Fake Domain Attacks [pdf]

The report details how civil society organizations and news media are
the targets of a variety of sophisticated attacks to compromise their
websites and users, including the use of fake websites and social
media profiles. These fake domain attacks may be created with the
intention to draw readership from the original website and display
alternative content, create confusion amongst a targeted community, or
serve malware to compromise the target audience of the original
website. Attacks were seen in countries as diverse as Belarus, Iran,
Vietnam, and Kazakhstan.

We have observed these attacks on the eves of elections and other
important political events, including during critical social and
political periods. Attacks in Iran and Belarus attempted to minimize
the spread of information and disrupt potential civil unrest during
political elections and anniversaries.

Other attacks in Belarus and Kazakhstan utilized the privileged
position internet service providers (ISPs) have in a user’s
interaction with websites to redirect them away from targeted websites
to the fake websites. In addition, many fake domains took advantage of
procuring similarly-named URLs as the targeted website in order to
provide a sense of trust to the unwary user.

As news organizations and citizen media increasingly rely on digital
means to present their work, state-level adversaries are relying on
novel ways of diminishing their impact and targeting their readers.
Our data provides a window into the methods and effectiveness of these
attacks and the type of government environment that gives rise to them.

In addition, our report provides a number of mitigation mechanisms –
technical, policy, and legal – against fake domains for both users and
targeted websites. By providing such frameworks for mitigating these
attacks, we hope this report will give human rights defenders some of
the tools and understanding needed to better protect themselves and
their work in a hostile digital world.

In conjunction with the report, we have released an online tool “Fake
Domain Detective” ( to help organizations
and individuals search for fake domains of civil society and
independent media websites. If you run across any suspected fake
domains or have feedback on the tool, please share your findings with
us at reports at

Blogpost with overview of the report:

Read the report [pdf]:

Test out the Fake Domain Detective:

Report suspected fake domains: reports at

The report was written and managed by Michael Carbone; data analysis
and visualization by Béchir Nemlaghi and Dillon Reisman; policy and
legal analysis by Peter Micek, Drew Mitnick, Wes Paisley; design by
Mira Rojanasakul; Brett Solomon, Gustaf Björksten, Jochai Ben-Avie.

Let me know if you have any thoughts or comments, thanks!


- -- 
Michael Carbone
Manager of Tech Policy & Programs
Access |
michael at | PGP: 0x81B7A13E
PGP Fingerprint: 25EC 1D0F 2D44 C4F4 5BEF EF83 C471 AD94 81B7 A13E



More information about the liberationtech mailing list