You Can Hack This Headline for $200
Cybercriminals claim to be selling the ability to manipulate media outlets’ articles.
Computer security researchers have recently noticed a disturbing trend in the dark corners of the web: Hackers are increasingly advertising access to the websites of media organizations, offering to sell stolen credentials that would allow the buyer to edit and post articles or plant malware on their websites.
Gaining access to the content management systems of media organizations would potentially give hackers the ability to turn newspapers, wire services, and magazines into unwitting participants in disinformation operations.
“For anyone with a strategic will or the strategic motivation to do that, it is a piece of cake,” said Omer Carmi, a former intelligence analyst for the Israeli armed forces who is now the director of intelligence for Sixgill, a cybersecurity firm. “I only need to have credentials for this forum, $200 dollars in bitcoin, and I can just go in and publish whatever what I want as an article.”
Carmi and his company’s researchers have discovered several offers in recent months for access to news outlets’ sites. One offer was for access to 1,400 U.S. magazines; another was for access to a major news wire, with most of its audience in Southeast Asia.
There is no way to verify that the posts discovered by Carmi are legitimate. And there is little evidence so far that these credentials are being used to publish false or misleading information.
But other cybersecurity firms have discovered similar offers in recent months, and sellers on closed criminal forums trade on their reputation for providing bona fide material. Those closed forums on the dark web act as a giant flea market that hackers use to fence stolen wares, such as bank logins, credit card numbers, or more exotic goods.
One appeal of news sites is that high-traffic pages would offer hackers a way to spread malicious code—such as a cryptocurrency mining script—to many machines. Theoretically, hackers could make a mint if they took over enough computers, but with cryptocurrency prices falling, that’s unlikely, said Andrei Barysevich, the director of advanced collection at the cybersecurity firm Recorded Future. “You really have to infect millions of people to make money,” he said.
With slim pickings in cryptomining, hackers are marketing access to media outlets as a way to spread disinformation.
In early 2018, Barysevich and his colleagues approached a hacker on an online forum who claimed to be selling access to a major news outlet’s content management system. The hacker was asking around $15,000 for the vulnerability, which would allow broad system access, and the price struck Barysevich as high.
In a chat, Recorded Future researchers asked the hacker what the material could be used for. “Well, you could plant fake articles,” the unidentified hacker wrote back.
But researchers point out that major fake articles would likely be quickly disproved, undermining their value.
A subtler way to exploit access to media sites would be to introduce minor changes to an article, said Herb Lin, a cybersecurity scholar at Stanford University. ......MORE
