On Valentine’s Day in 1929, several members of Al Capone’s gang dressed as police officers stopped by archrival Bugs Moran’s headquarters on North Clark Street in Chicago, and delivered a Chicago gangster’s version of a valentine. They lined up seven of Moran’s men against a wall, and shot them. The moment became memorialized as the St. Valentine’s Day Massacre. The savage event was huge news, and people devoured stories about the massacre, at a distance, and safely.

Fast forward to this Valentine’s Day, and the news of the moment is the resignation of National Security Advisor Michael T. Flynn. Huge news, people are devouring stories, but perhaps not so safely. For example, the New York Times and Newsmax Media have been victimized by quoting tweets from a fake twitter account purporting to be Flynn’s and discussing his resignation. Why is this a cybersecurity problem? Read on.

Amidst non-stop use of the term “fake news” comes this story from Tech Republic: “Extra, extra! That fake news story might come with malware.” As the story notes, we have a tendency to avidly follow significant news stories, and cyber criminals use that tendency to great advantage, by incorporating either a real-news article or a fake-news article based on breaking news as an email attachment, or placing a banner bordering an article calling attention to it in a way intended to lure potential victims. Once they get your attention they either work to get you to exchange sensitive information or create an opportunity for an attacker to download malware to your system.

James Scott, Senior Fellow at the Institute for Critical Infrastructure Technology, offers an essay that points out “…news was the most common social engineering lure in 2014. Cyber-adversaries capitalized on high-profile natural disasters, global events, celebrity gossip, and buzz-worthy headlines. The Sochi Olympics, the World Cup, the death of Robin Williams, the leak of celebrities’ private photos from the iCloud, and other stories were used by APTs and cybercriminals to spread malware to victim systems via email, watering-hole sites, and malicious advertisements.” Rest assured, news remains a key tool for cyber criminals.

Scott’s essay goes into some detail about what is known about several foreign adversaries who are making great use of fake news, and is well worth reading. Today’s attacks are infinitely more subtle than Al Capone’s, but potentially every bit as deadly.

By Tom Davis, SDI Cyber Risk Practice
February 14, 2017