Here's some real news about Fake News: Hackers could ride the wave of phony news stories to rip off unsuspecting victims of millions of dollars. Malware called Wdfload Trojan, the heart of an annoying adware program called Searchmaster, is capable of inserting fake search results onto legitimate web search pages – and it can also be used to display in-text ads, or even turn random words on a web page into hyperlinks. On a product search page, Wdfload is used to display fake ads; could it be used to display fake stories on a news result page – stories that could be used to rip off readers for huge amounts of money?
And if a fake Wdfload news story is accompanied by fake AI-based audio or video clips – in which new artificial intelligence technology-based tools are able to “graft” audio onto the lip movements of a speaker in a realistic manner, completely changing what was really said – you have a one-two punch that makes the fake news look very, very real.
Fake news is all the rage these days, first coming into prominence during the election campaign that propelled Donald Trump to the presidency, with both Republicans and Democrats accusing the media of tooling with facts to make their favorite look better. Since the election, it's a meme that has haunted discourse on both sides of the aisle; for example, as of July 9th, the President has used the term”fake news” 66 times in his Twitter feed (that number has changed since that tally was made), with many of the tweets criticizing the media, while Democrats charge that Russia helped Trump get elected by planting fake news stories in the U.S. media.
The issue has become serious enough (ie, enough people are concerned about it) that Facebook found it necessary to develop a mechanism to check facts in news stories and flag them (the system has been criticized as being less than accurate, and not too effective in keeping phony stories off the site). There are even scientific studies about fake news, where the authors examine “an increase in the polarization of users and URLs associated with fake-news [Twitter] keywords and hashtags, when compared to information not labeled as 'fake news.'”
The issue of “fake news” really isn't new; for a long time, people on different sides of an issue have been accusing journalists of favoring their pet agendas and foreign governments of espousing fake facts, but since the election, the issue has become front page news – and is, perhaps for the first time, being taken very seriously. And now that the fake news cat is out of the bag, people are asking if, and whether, fake news can be, has been, or is being used to manipulate opinion or falsify information in areas other than politics – like business. In fact, it's already happened: In May, the SEC announced that it had charged 27 businesses and individuals “for deceiving investors into believing what they were reading on websites were independent, impartial analyses of stocks.” Seventeen of the companies had settled, paying fines between $2,200 and $3 million.
Good for the SEC, but don't count on it to protect you from barrages of fake news – especially if the entities putting out that news are using Wdfload. How's this for a scam: A hacker group decides (or is hired) to target a group of potential “investors” (read: pigeons), say a group of wealthy elderly people who are active in the stock market (sponsors of this scam will have been able to focus on this group based on stolen data purchased on the Dark Web). The hackers use Wdfload to spread phony news stories about the investment (praising it, quoting “experts,” etc.) complete with links to “research” and “data” - and with pop-ups offering assistance to readers interested in “more information” (ie a high-pressure sales call). Substitute “investments” and “elderly” with terms like “shareholders” and “CEO,” or “donors” and “charity,” and you get a wide-ranging perspective on just how damaging fake news can be.
There is no way the SEC, Facebook, or any other organization could detect or prevent this kind of scam. The only way to prevent it is to nip Wdfload in the bud, getting it off the computers or networks of potential victims. Like most malware, Wdfload is distributed via installs (in the guise of Searchmaster, it often comes as part of a software installation bundle), email links, attachments, etc. In an organization setting, all it takes is one victim to click on the appropriate link or open the problematic attachment and infect the entire office. And considering the fact 91% of malware attacks have their origins in email phishing scams – a statistic that has remained constant for years, despite the best efforts of security experts to convince users not to click on or open suspicious messages or attachments – it appears that organizations are going to have to do something beyond just telling people to “be careful.”
One idea that could help keep fake news away is better filtering – keeping rogue files and links away using advanced cyber-security technology, sandboxes, and in a corporate environment, even network segregation –where internal corporate networks containing information on the organization’s business and budget are kept separate from the Internet. The system prevents access by rogue items to the internal network, so that malware does not have a chance to plant itself inside systems. It's a solution, of course, that works with all sorts of malware, from ransomware to keyloggers – but it can be especially important in preventing targeted fake news. The SEC can manage with mass-distribution business fake news story, and Facebook can tag the political fake news stories – but when it comes to the biggest potential fake news danger, users and organizations are on their own. Keeping Wdfload away is the first step to taking back the Internet from the fakers.
Israel, CEO of BUFFERZONE
Image Credit: Workandapix / Pixabay