Disinformation Through Fabricated News Sites

Information operations campaigns are conducted seemingly every day by a wide variety of individuals, from less sophisticated hacktivists to nation-state backed actors. Examples of this activity include the mimicking and defacement of legitimate news websites and social media accounts, often with the intent to disrupt targeted organizations, influence public opinion, and discredit adversaries.

FireEye iSIGHT Intelligence has observed, for example, pro-Ukraine hacktivists compromise news outlets and publish articles and press releases that are critical of Russian government policies. In several instances, these fake articles were subsequently republished by other news sites. Additionally, in August 2017, FireEye iSIGHT Intelligence reported on domains that spoofed the URLs of major international news outlets. One of these, a website that mimicked British newspaper The Guardian, hosted an article promoting a narrative consistent with previously observed pro-Russian disinformation.

Hoaxers and financially motivated individuals will also mimic news sites, sometimes using clickbait articles to generate revenue. FireEye iSIGHT Intelligence has even observed the use of fabricated news to adversely impact a company’s stock and influence stock markets. While more sophisticated disinformation tactics – a combination of fabricated news and social media troll and bot amplifiers, for example – appear to be primarily the work of nation-states, FireEye iSIGHT Intelligence anticipates that other malicious actors will increasingly leverage these tactics to achieve their goals.

Information operations campaigns can have significant political, financial, and legal repercussions. The consequences from a legal perspective have been relatively small thus far, but are likely to grow quickly. While it is obviously near impossible to stop information operations campaigns completely, offering a counter-narrative – or taking measures to mitigate the impact – could soon become an obligation for companies, particularly when the information campaign could have a negative financial impact.

In other words, companies that are aware of deliberately spread misinformation should consider taking active countermeasures. In this case, active countermeasures could mean working with government or law enforcement officials to identify and stop the misinformation, as well as releasing corrected factual information.

Moreover, as with any layered cybersecurity program, companies should be monitoring for the theft or misuse of employee credentials. Whether with respect to information operations or cybercrime in general, the misuse of credentials to impersonate employees and gain unauthorized access to systems is commonplace, and so the ability to identify when credentials have been compromised – thus allowing them to be reset – is an important component of any cybersecurity program.

Brian E. Finch is a partner at Pillsbury Winthrop Shaw Pittman LLP and co-leader of the firm’s Cybersecurity, Data Protection and Privacy practice. He can be reached at brian.finch@pillsburylaw.com.