Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] New Access report on fake domain attacks on civil society

Dan Staples dan at
Thu Sep 12 12:10:26 PDT 2013

Disclaimer: This is not a critique of Access or your report; it is a
well-researched report with solid conclusions. In fact, you bring up
the point I am about to make on page 11 of the report, which I
appreciate. I bring this up because I think it could use discussion.

While spoofing civil society groups using fake domains is certainly
deceptive, and most often carried out with the intent of attacking
supporters of human rights, I would caution against denouncing the use
of fake domain attacks altogether.

As a tactic, fake domain attacks (and more generally impersonating
organizations or companies) have been used by activists to target both
corporations and non-profits (i.e. civil society groups) as a media
stunt to highlight these groups' harmful practices.

Some examples of this in the US recently include the PINK Loves
Consent campaign [1] targeting Victoria's Secret (full disclosure: I
worked on this), pretty much anything by the Yes Men [2], and (sort
of) Susan G. Komen For the Cure [3].

Tactics which have duplicitous aims always need to be considered
within the context of the campaign to measure their appropriateness,
but I certainly think fake domain attacks can be used legitimately
against both civil society groups and corporations for furthering
human rights goals.

We also shouldn't make the mistake of assuming all civil society
groups are necessarily good or supportive of human rights; it's an
implicit assumption I often see in international development
discourses. But that's a whole other discussion...




[3] a website hack rather than a fake domain attack, but the same goal
of impersonation for political awareness purposes:

On 09/11/2013 01:40 PM, Michael Carbone wrote:
> Hi libtech,
> Back in May I asked for examples of fake websites and social media 
> that impersonate civil society and news organizations to include in
> a report that we at Access were working on. Thanks to all those
> who provided feedback, we have now released the report:
> One of These Things is Not Like the Other: A Report on Fake Domain
> Attacks [pdf]
> The report details how civil society organizations and news media
> are the targets of a variety of sophisticated attacks to compromise
> their websites and users, including the use of fake websites and
> social media profiles. These fake domain attacks may be created
> with the intention to draw readership from the original website and
> display alternative content, create confusion amongst a targeted
> community, or serve malware to compromise the target audience of
> the original website. Attacks were seen in countries as diverse as
> Belarus, Iran, Vietnam, and Kazakhstan.
> We have observed these attacks on the eves of elections and other 
> important political events, including during critical social and 
> political periods. Attacks in Iran and Belarus attempted to
> minimize the spread of information and disrupt potential civil
> unrest during political elections and anniversaries.
> Other attacks in Belarus and Kazakhstan utilized the privileged 
> position internet service providers (ISPs) have in a user’s 
> interaction with websites to redirect them away from targeted
> websites to the fake websites. In addition, many fake domains took
> advantage of procuring similarly-named URLs as the targeted website
> in order to provide a sense of trust to the unwary user.
> As news organizations and citizen media increasingly rely on
> digital means to present their work, state-level adversaries are
> relying on novel ways of diminishing their impact and targeting
> their readers. Our data provides a window into the methods and
> effectiveness of these attacks and the type of government
> environment that gives rise to them.
> In addition, our report provides a number of mitigation mechanisms
> – technical, policy, and legal – against fake domains for both
> users and targeted websites. By providing such frameworks for
> mitigating these attacks, we hope this report will give human
> rights defenders some of the tools and understanding needed to
> better protect themselves and their work in a hostile digital
> world.
> In conjunction with the report, we have released an online tool
> “Fake Domain Detective” ( to help
> organizations and individuals search for fake domains of civil
> society and independent media websites. If you run across any
> suspected fake domains or have feedback on the tool, please share
> your findings with us at reports at
> Blogpost with overview of the report: 
>  Read the report [pdf]:
> Test out the Fake Domain Detective:
> Report suspected fake domains: reports at
> The report was written and managed by Michael Carbone; data
> analysis and visualization by Béchir Nemlaghi and Dillon Reisman;
> policy and legal analysis by Peter Micek, Drew Mitnick, Wes
> Paisley; design by Mira Rojanasakul; Brett Solomon, Gustaf
> Björksten, Jochai Ben-Avie.
> Let me know if you have any thoughts or comments, thanks!
> Best, Michael

OpenPGP key:
Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9

More information about the liberationtech mailing list