Fake Is the New RealBy Samuel Greengard | Posted 2015-01-20 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Spammers routinely impersonate users to disseminate malware or misinformation. Without checking every time, it's easy to fall prey to phishing or Web scams.
On January 12th, the OpenDNS threat detection system identified a site attempting to mimic the official BBC news site. The page delivered blatantly false information about the recent Charlie Hebdo tragedy: It reported that the event was entirely staged.
Remarkably, within an hour of the site appearing, it began receiving upward of several thousand hits per hour. The perpetrators of this fake Website, which looked identical to the real BBC site, used social media, including Facebook and Reddit, to drive traffic to it.
This wasn't a novel idea. The same technique was used after the deadly 2013 Boston Marathon bombings. Most recently, OpenDNS Security Labs identified links to a State-sponsored (in this case Iranian) media outlet. The site attempted to gain further credibility by quoting a prominent American economist.
Let's face it, for all the advanced technology we use on a daily basis, we're still somewhere in the Neanderthal period of the Internet. As Andrew Hay, senior security research lead and evangelist at OpenDNS puts it: "This wasn't really an exploit, but rather a case of Website/brand impersonation. Anyone can register, host a domain and employ social media avenues to lure unsuspecting individuals."
We all know that spammers routinely impersonate actual users and rely on snowshoe and other techniques to disseminate malware or misinformation. Without carefully checking every single time, it's easy to fall prey to phishing, spear phishing or Web scams and allow the bad guys to swipe personal information.
In fact, the leading cause of data breaches at businesses has nothing to do with physical and technical security. It's all about people who don't pay attention and click a fake link.
In all fairness, it's not always easy to know that we're clicking a bad link, and who would question an apparent news link at a legitimate social media site? The problem actually lies far deeper. The open nature of the Internet and a lack of accountability ensure that hackers, scammers and pretty much anyone with bad intentions can operate with near impunity.
Unfortunately, there's zero chance that things will improve anytime soon. Adding to the lunacy—and actually enabling it—is an emerging paradox: The smarter technology gets, the dumber a segment of the population gets. Moon mission and Newtown deniers, September 11 conspiracists, Obama birthers and Creationists live in a world where facts and science do not matter.
One can only hope that someday—perhaps before the 22nd Century—we will come to our senses and design IT systems that increase the odds people, Websites and emails are real.
Until then, click at your peril.