
Fake News Investigation: Check ‘Fakes’ with Threat Intelligence

This article is sponsored content produced by Threat Intelligence Platform (TIP)—a data, tool, and API provider that specializes in automated threat detection, security analysis, and threat intelligence solutions for Fortune 1000 and cybersecurity companies.
During the 2016 U.S. elections, for instance, fake news got more Facebook likes and shares (8.7 million) than its mainstream and real counterparts (7.3 million). The problem was compounded by increased mob violence and political hysteria across the globe influenced by false reports.
Unfortunately, apart from being hardwired to share false news faster than the truth, most people cannot distinguish what is real from what is fabricated. Adding to the fog are native ads in the guise of articles. The situation is further complicated by how elementary it is for fake news factories to create websites from scratch and get them to rank high in search results. With some nifty web design and image manipulation tricks, cybercriminals can create news site copycats that pass for the real deal.

Fake News Investigation: How to Avoid Falling Victim to Fake News

It's indeed hard to tell fake news sites from real ones because their makers work hard to fool readers. However, there are red flags that both newsreaders and media outlets can watch out for. A website's URL, for one, can give away an impostor site. Let us examine a few examples of sites that try their best to pass off their content as legitimate news with domain research and threat intelligence tools.
Right off the bat, two domain names immediately stood out from the GitHub list—houstonchronicle-tv[.]com and fox-news24[.]com. The web addresses, now parked, were both fake news mills spoofing The Houston Chronicle and Fox News. Last seen in 2017, their previous incarnations seem trustworthy, but not for someone with a discerning eye.
It is common to encounter questionable domains using this syntax or format. Spoofed sites’ URLs usually contain multiple dashes or typos, though they closely mimic legitimate domain names.
A simple Google search can help users sort out whether a site is fake or not. Most of the results for these dubious sites pertain to fact checks run by real media outlets on their stories. Several sources also point out that these sites are fake. (As a side note: Make sure to stay safe by enclosing the domain name in quotation marks [i.e., "houstonchronicle-tv[.]com"] before hitting the search button.)
Next, let us use a cybersecurity tool to conduct a risk assessment of these domain names. Through Brand Monitor, we found that The Chronicle's official domain name has 500 potentially misspelled variations, which any cybersquatter can register or hijack. Fox News, on the other hand, has 322.
Since it is impractical to secure all of the domain versions, companies can resort to monitoring them instead. They can also inspect the domain's ownership records using a WHOIS history lookup tool.
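The monitoring idea above can be sketched as a small lookalike-domain check. This is an added example, not code from the article or from any of the tools it names; the watch list of official labels (`houstonchronicle`, `foxnews`), the distance threshold, and every sample domain other than the two quoted in the article are assumptions.

```python
import re

# Assumed watch list: label of each outlet's official domain -> display name.
BRANDS = {"houstonchronicle": "Houston Chronicle", "foxnews": "Fox News"}

def registrable_label(domain):
    """Refang 'name[.]com' and return the label left of the TLD.
    Assumes a single-label TLD; multi-part suffixes need a public-suffix list."""
    parts = domain.strip().lower().replace("[.]", ".").rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (brand, reason) for a lookalike, or None."""
    label = registrable_label(domain)
    if label in BRANDS:                      # official label (TLD swaps not checked here)
        return None
    squashed = re.sub(r"[-0-9]", "", label)  # drop the dashes and digits spoofers add
    for brand, name in BRANDS.items():
        if squashed == brand:
            return name, "brand with added dashes or digits"
        if brand in squashed:
            return name, "brand plus extra token"
        # Allow more typos for longer names: 1 edit for short labels, 2 for 16+ chars.
        if edit_distance(squashed, brand) <= max(1, len(brand) // 8):
            return name, "likely typo of brand"
    return None

def scan(domains):
    """Return [(domain, brand, reason)] for every flagged entry."""
    hits = []
    for d in domains:
        result = classify(d)
        if result:
            hits.append((d, *result))
    return hits

# First two entries are quoted in the article; the rest are constructed samples.
SAMPLE = ["houstonchronicle-tv[.]com", "fox-news24[.]com",
          "houstonchronical.example", "foxnews.com", "example.org"]

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(row)
```

A list of newly registered or newly observed domains can be passed to `scan()`; flagged entries are candidates for the WHOIS history review described next, not verdicts.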
We ran houstonchronicle-tv[.]com on WHOIS History Search and found that it was created in March 2017. It seems to have been set up for the sole purpose of publishing fake news, banking on the popularity of its namesake. The domain was, however, not renewed in March 2018 and changed registrars as well.
Next, we performed a more technical evaluation, this time on an active conspiracy theory publisher, Infowars. At times, it is not just the controversial partisan pieces, hoaxes, and falsehoods that give a site a lousy reputation. If we pull back the curtain with threat scoring tools, they can tell us a lot about a site's history as well.
A quick check on the Threat Intelligence Platform (TIP) shows that infowars[.]com contains potentially dangerous content. The report reveals that the domain runs scripts that open new windows, which can download malware onto a reader's computer. The site also has several mismatched resource records and Secure Sockets Layer (SSL) configuration vulnerabilities.
The results imply that Infowars has not fully taken back control of its infrastructure after it was compromised last year. You may remember that the site was part of a Magecart credit card skimming attack.
Fake news sites will continue to exist as long as offenders are free to create them. And they show no signs of stopping until new stringent policies are introduced to regulate the digital media space. However, threat intelligence can aid researchers in conducting fake news investigations that can make a difference amid this post-truth era.
About the author
Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP)—a data, tool, and API provider that specializes in automated threat detection, security analysis, and threat intelligence solutions for Fortune 1000 and cybersecurity companies. TIP is part of the WhoisXML API Inc. family, an intelligence vendor trusted by over 50,000 clients.