Ransom demands come through to subdue negative publicity;
Reputation damage accelerates through hoax postings

news alert

London, UK - 20 July 2004, 17:30 GMT - The dark side of the internet is increasingly coming into focus as false information posted on "security" portals is purveyed and mirrored without question by a range of inter-linked trusted web sites. The original internet security portals, which have become famous for carrying software vulnerability disclosures, are now being overwhelmed by new listings. As a result, they are unable to cope with the flood of fresh postings - genuine and hoax - on a daily basis.

In parallel, consistent negative publicity on other trusted web sites and security portals has led the owners of some of those sites to contact many companies, including mi2g, with a view to being bought out in exchange for their silence. Ransom demands made have ranged from $250,000 to $1 million to decommission a negative publicity campaign mounted through a particular set of trusted web sites or security portals.

These adverse developments are likely to lead to further loss of user trust and unclear demarcation between useful and useless security warnings as well as vulnerability disclosures in the months ahead.

The mi2g Intelligence Unit has tracked a particular development over the last few weeks, where a rogue account created by a malevolent party as mi2g-research@hushmail.com has been consistently abused as the originator of a number of vulnerability postings, including one clear hoax titled: "Wendy's Drive-up Order System Information Disclosure."

Upon reading this hoax "vulnerability" posting, available through a number of security portals, it is clear that there is no purpose to it other than to smear reputation and cause damage. However, the organisations that originally took the posting did not bother to check for accuracy and include such well-known names as:

1. full-disclosure@lists.netsys.com [Full-Disclosure]
2. isn@c4i.org [InfoSecNews]

The original message had the following lists in the 'cc' as well:

1. bugtraq@securityfocus.com
2. vulnwatch@vulnwatch.org

The presence of these two lists in the "cc" increased and amplified the credibility and visibility of the hoax, although the moderators of bugtraq and vulnwatch did not accept the posting. Within days, there were mirror copies of the hoax vulnerability "Wendy's Drive-up Order System Information Disclosure" on several "security" focussed portals, which mentioned mi2g incorrectly without checking the facts within the posting or confirming accuracy through other means. These included:

1. http://www.securityfocus.com
2. http://seclists.org
3. http://lists.insecure.org
4. http://archives.neohapsis.com
5. http://lists.netsys.com
6. http://www.e2ksecurity.com
7. http://www.derkeiler.com
8. http://www.gossamer-threads.com
9. http://www.landfield.com

The mi2g Intelligence Unit has written to these security portals and to Hushmail. Only Hushmail.com has taken immediate action by disabling the rogue email account, much to their credit. The other so-called "security" forums and trusted vulnerability posting accounts, portals and mirror web sites have simply passed the buck by stating that they did not control the content which they published, even when it was blatantly evident that the posting they were purveying was an obvious, obnoxious hoax.

"These developments mean that any person or corporation can quite easily decide to launch a clandestine smear campaign against any brand in the world by bombarding appropriate bulletin boards and trusted forums with false information through free email accounts," said DK Matai, Executive Chairman, mi2g. "There is a high probability that more and more brands could fall victim to such smear campaign postings. The reputation damage is being amplified manifold by several automatic mirrors. In parallel, we are also seeing demand for money from frequent reputation damage purveyors."


