Civil society organizations and independent media are the targets of a variety of sophisticated attacks to compromise their websites and users – including the use of fake websites and social media profiles, a new report by Access analyzes. The report was released in conjunction with a talk by Access’ Michael Carbone at the Connaught Institute on Monitoring Internet Openness and Rights at University of Toronto.
Figures (A) and (B) are screenshots of two nearly-identical news sites, only one of which is the original BBC News site (images taken July 3rd, 2013).
Fake domain attacks go beyond the phishing attacks for banking information or commercial gain traditionally understood to involve fake domains — they represent a significant front some state-aligned actors are waging against independent media and civil society organizations. These fake domain attacks may be created with the intention to draw readership from the original website and display alternative content, create confusion amongst a targeted community, or serve malware to compromise the target audience of the original website. Attacks were seen in countries as diverse as Belarus, Iran, Vietnam, and Kazakhstan.
We have observed these attacks on the eves of elections and other important political events, including during critical social and political periods. Such attacks in Iran and Belarus attempted to minimize the spread of information and disrupt potential civil unrest during political elections and anniversaries.
Other attacks in Belarus and Kazakhstan utilized the privileged position internet service providers (ISPs) have in a user’s interaction with websites to redirect them away from targeted websites to the fake websites. In addition, many fake domains took advantage of procuring similarly-named URLs as the targeted website in order to provide a sense of trust to the unwary user.
As news organizations and citizen media increasingly rely on digital means to present their work, state-level adversaries are relying on novel ways of diminishing their impact and targeting their readers. Our data provides a window into the methods and effectiveness of these attacks and the type of government environment that gives rise to them. In addition, our report provides a number of mitigation mechanisms – technical, policy, and legal – against fake domains for both users and targeted websites. By providing such frameworks for mitigating these attacks, this report should give human rights defenders the tools and understanding needed to better protect themselves and their work in an increasingly hostile digital world.
We have released a online tool “Fake Domain Detective” to help organizations and individuals search for fake domains of civil society and independent media websites. If you know of or find any fake domains attacks not covered in this report, please contact us at firstname.lastname@example.org.