->PConnect(script.ftech.net,mi2gl,m4d2e,mi2gl)
 

Ransom demands come through to subdue negative publicity;
Reputation damage accelerates through hoax postings

news alert

London, UK - 20 July 2004, 17:30 GMT - The dark side of the internet is increasingly coming into focus as false information posted on "security" portals is purveyed and mirrored without question by a range of inter-linked trusted web sites. The original internet security portals, which have become famous for carrying software vulnerability disclosures, are now being overwhelmed by new listings. As a result, they are unable to cope with the flood of fresh postings - genuine and hoax - on a daily basis.

In parallel, consistent negative publicity on other trusted web sites and security portals has led to the owners of some of those sites to contact many companies, including mi2g, with a view to buying them out in exchange for their silence. Ransom demands made have ranged from $250,000 to $1 million to decommission a negative publicity campaign mounted through a particular set of trusted web sites or security portals.

These adverse developments are likely to lead to further loss of user trust and unclear demarcation between useful and useless security warnings as well as vulnerability disclosures in the months ahead.

The mi2g Intelligence Unit has tracked a particular development over the last few weeks, where a rogue account created by a malevolent party as mi2g-research@hushmail.com has been consistently abused by utilising it as the originator of a number of vulnerability postings including one clear hoax titled: "Wendy's Drive-up Order System Information Disclosure."

Upon reading this hoax "vulnerability" posting, available through a number of security portals, it is clear that there is no purpose to it other than to smear reputation and cause damage. However, the organisations that originally took the posting did not bother to check for accuracy and include such well known names as:

1. full-disclosure@lists.netsys.com [Full-Disclosure]
2. isn@c4i.org [InfoSecNews]

The original message had the following lists in the 'cc' as well:

1. bugtraq@securityfocus.com
2. vulnwatch@vulnwatch.org

The presence of these two lists in the "cc" increased and amplified the credibility and visibilty of the hoax, although the moderators of bugtraq and vulnwatch did not accept the posting. Within days, there were mirror copies of the hoax vulnerability "Wendy's Drive-up Order System Information Disclosure" on several "security" focussed portals that mentioned mi2g incorrectly without checking the facts within the posting or confirming accuracy through other means, such as:

1. http://www.securityfocus.com
2. http://seclists.org
3. http://lists.insecure.org
4. http://archives.neohapsis.com
5. http://lists.netsys.com
6. http://www.e2ksecurity.com
7. http://www.derkeiler.com
8. http://www.gossamer-threads.com
9. http://www.landfield.com

The mi2g Intelligence Unit has written to these security portals and to Hushmail. Only Hushmail.com has taken immediate action by disabling the rogue email account, much to their credit. The other so called "security" forums and trusted vulnerability posting accounts, portals and mirror web sites have simply passed the buck by stating that they did not control the content which they published, even when it was blatantly evident that the posting they were purveying was an obvious obnoxious hoax.

"These developments mean that any person or corporation can quite easily decide to launch a clandestine smear campaign against any brand in the world by bombarding appropriate bulletin boards and trusted forums with false information through free email accounts," said DK Matai, Executive Chairman, mi2g. "There is a high probability that more and more brands could fall victim to such smear campaign postings. The reputation damage is being amplified manifold by several automatic mirrors. In parallel, we are also seeing demand for money from frequent reputation damage purveyors."

[ENDS]

Full details of the June 2004 report are available as of 1st July 2004 and can be ordered from here. (To view contents sample please click here).