JAN 05, 2017
The “weaponization” of information exploded during the recent U.S. presidential campaign, prompting U.S. intelligence agencies to conclude that Russia meddled in the American presidential election. While one analyst insists that “fake news” is “old news” as it relates to sophisticated nation states and cyber adversaries, he also warns the impact of malware delivered via a single click on a fake news story or “spear phishing” campaigns could eventually knock out critical infrastructure and undermine security.
What’s more, argues James Scott, a senior fellow at the Center for Critical Infrastructure Technology, cyber-terrorists also are “beginning to leverage news and fake news lures.”
The Washington-based cyber security think tank notes in a blog post this week that advanced persistent threat (APT) groups with access to significant resources and capable of launching sustained dedicated attacks are increasingly turning to news as “the most common social engineering lure.”
In one recent example cited by the cyber center, a group called APT 30 used a spear phishing email with subject headers related to the disappearance of Malaysian Airlines flight 370 and the shoot down of MH 17 to lure victims. The emails included stories and video containing malicious code.
APT 30, also known as the Naikon group, has used similar news lures to gather intelligence about Asian civilian and military agencies. Scott, the cyber analyst, reported that the hackers “speak native Chinese,” which presumably means Mandarin, and use sophisticated toolkits, prompting him to conclude that “there is a distinct possibility that Naikon is a Chinese state sponsored threat group.”
The so-called weaponization of news that has recently been tied to Russian intelligence services plays on the human urge to note and click on trending news stories, the cyber center emphasized. The approach has the added advantages of low risk, high probability of success, minimal investment and big payoffs.
“By either compromising a legitimate news outlet and transforming it into a watering-hole site or by purchasing banner space on the site and directing the users who click to malicious sites, cyber adversaries can capitalize on society’s natural proclivity to follow media coverage of major events,” Scott noted in his post.
The APT fake news campaigns have emerged in parallel with more traditional hacks such as attacks on media outlets by the pro-Assad Syrian Electronic Army. Along with defacing web sites and hijacking social media accounts, the group also used malware and phishing campaigns to monitor human rights groups and Syrian rebels.
Meanwhile, Scott said groups likely sponsored by the Russian government such as APT 28 are actively gathering “geopolitical information specifically relevant to Russia interests.” That information is then used to leverage future cyber sorties. The group is known to have launched attacks against European governments and NATO affiliates as well as military and security organizations.
Scott argues that the current U.S. debate over fake news and “adversarial use of news” by groups like “Alt Right” distracts from the reality that weaponized information is being used to deliver malicious code. That code will in turn allow global networks to be used as conduits to penetrate critical infrastructure and steal intellectual property.
Ultimately, others would argue, the proliferation of weaponized information also could help undermine western democracies.
George Leopold is a contributing editor for Defense Systems and author of Calculated Risk: The Supersonic Life and Times of Gus Grissom. Connect with him on Twitter at @gleopold1.