NEWS FROM THE LAB - Sunday, June 12, 2011

Fraud News

Posted by Mikko @ 20:00 GMT

Late on Sunday, I got a weird message from a colleague.

He had done a Google News search, looking for the latest press coverage on F-Secure, and had found something odd.


I was not familiar with this news source, so I checked their front page.


And there it was. A fabricated article claiming that I and fellow security researcher Brian Krebs were arrested for selling stolen credit cards. As a side note, the article also mentioned that we were lovers. Now, let me make it clear: Neither of these claims is true. I like Brian, but not like that.

Here's the fake article:


So, I called Brian up. He had already seen the article and had a pretty good idea who had done it, too. We have no idea how it ended up on fraud-news.com though.

Of course, fake news like this travels fast.



So let me just state for the record that I have not been arrested and I have not been involved in selling stolen credit cards…



No, I was not indicted either. Thanks for asking.

Signing off,

P.S. The fake article is a modified version of a real article written by Brian in 2007. The fake screenshot is based on a posting on a real crime forum at omerta.cc/showthread.php?t=1474


Updated to add: Administration of fraud-news.com contacted. Here's what they wrote:

From: info@fraud-news.com

Hi Mikko

Thanks! When I checked the site today I was shocked to see what appeared
to be a fake story posted by someone who has hacked into the site. I then
checked on the net and then saw your email, which confirmed that someone has
"hacked" in to post this news item.

I have now regained access to the system. I have quickly edited the news
item but kept the headline while replacing contents with my notes. That is
just to make sure that any visitor who follows the title from another site
or Google news is able to see that it was a fake entry. Removing the
article altogether may result in a broken link which may leave some
readers guessing. Hope that is fine with you. I hope to make another post
to explain this further.

I took over this site - fraud-news.com was initially a community based
site - somewhere last year, and as of now the only way the news can be
published (which is picked up by Google news) is by making a forum post
and then upgrading it as an article. The forum runs on the latest vBulletin
suite (Blog + Forum). I am trying to check into the logs and other
settings to see how someone was able to use the username 'FraudNews', to which
I had exclusive access as the super admin, or made the post through
another alternative mechanism through loopholes in vBulletin, if any. I
have also turned off the forum while we ensure the security of the site.

Strangely, fraud-news.com has recently come under attack as well, and in
April/May we were under a DDOS, at which time we temporarily moved the
site to DDOS protected hosting. The repeated attacks made publishing
articles harder. The site is popular due to the forum which pulls all the
scam/fraud related news and alerts. Since we tend to give all scam alerts,
we may have ended up a target. However this is the first time someone
"hacked" to make an unauthorised post, looking to make use of our site to
target your entity/reputation. I will be monitoring fraud-news.com
closely to ensure that the culprit doesn't make another attempt.

Finally, many apologies for the inconvenience this has caused to all
Arun Arunagiri