Don’t get hacked these holidays: security tips for media companies

Have you noticed more #BREAKING news tweets in your Twitter feed lately?

Or alerts about Covid by people calling themselves Doctor?

At radioinfo we are hearing an alarming number of stories leading us to believe that various social media lobbyists and disinformation peddlers are gearing up for some serious activity in the lead-up to next year’s Australian federal election.

To fact-check some dodgy Covid-related tweets and Facebook posts over the past few weeks, we clicked on one or two posts from accounts by so-called doctors. It was pretty easy to see that these ‘Dr’ accounts were new, with only a small number of followers, and those followers were also mostly new accounts.

It was also easy to verify that they were not medical doctors by checking those names in Australian medical registers. Yet the social posts were medical in nature, about Covid. Upon checking many of the posts with seemingly credible journalistic headlines, we found they went to dodgy websites or unsubstantiated conspiracy stories.

And of course, the more we clicked on them, the more such stories we began to see in our feeds.

The other phenomenon we have observed lately is an increase in bogus social posts tagged with #breaking or #breakingnews. Radioinfo has been told by two different large Australian media companies that they have had to contact Twitter and Facebook in recent months to have bogus accounts bearing their company name, corporate colours and logos removed. Our sources say that it took several days for the social media companies to take action against those accounts and that similar look-alike accounts keep popping up.

As with the ‘Dr’ example, the more we clicked the bogus #breaking posts, the more similar posts we began to see.

And then there are the obvious scam ads with pictures of celebrities and politicians on them selling everything from vitamins to bitcoin that have been around for a long time. Trying to get rid of them by lodging consumer reports is like playing whack-a-mole. ABC News reported on this phenomenon here.

The motivation for the money scams is pretty clear, but the motivation for the fake Doctor and Media Company activity is more sinister.

With an Australian election looming next year, the companies behind these accounts are slowly building up their followings and their activities so that, a couple of months before the election, they appear to be genuine and have built up enough gullible followers who will share their posts without checking the content. One recent example of this is ABC Brisbane radio host Loretta Ryan, who had her Facebook account cloned but went public about it quickly so as to warn her followers.

This is big business. There are now companies all over the world who sell their manipulation services to political parties, foreign governments, extremist groups or anyone else who will pay them to manipulate, cause doubt and spread misinformation. These are not kids in hoodies hacking for fun; they are professional IT people wearing shirts and ties, working in offices and selling their services for profit.

If you are reading this you are probably well aware of what is happening, but the trouble is that many people are not well informed about these practices and unwittingly help the misinformation peddlers spread their mischief. Despite many exposés of these activities they still continue, because they work. This tech article in Wired details how Cambridge Analytica operated and the video below from the UK’s Channel 4 is one of a series of reports exposing the shadowy practices.

All these things are different from the real social media political lobbying campaigns that are already taking place as we approach the next election. In a democracy anyone has the ability to express their political opinions, like Alan Jones or the Institute of Public Affairs or the Friends of the ABC, but good practice should be that their political backers are transparent and that they comply with the appropriate laws and disclosure regulations for the platforms they use.

While media companies can’t solve the problem for the whole country, they can do more by increasing awareness and acting fast when their security and accounts have been compromised or cloned.

With Christmas holidays looming, when security systems may be unattended and staff will not be checking emails and social posts, there is a clear and present danger.

Some tips from security experts we consulted for this article:

Hackers lurking in your systems

1. These people are professional. They will have been trawling your company for passwords and vulnerabilities for months but will wait until the Friday before the long weekend of your Christmas shutdown period before they act. Ensure that your IT and website security team has someone rostered on continually through the holidays to monitor intruder alerts from your systems. The BBC detailed these methods here.
2. People are the weakest link and most vulnerable point for intruders. Educate your staff about how hackers trick them into revealing their system and email logins and into clicking links that install keyloggers or trojans.
3. Ensure there is an experienced editor monitoring your websites and news output. If hackers are inside your system and want to plant stories they will do so when your A-Team is on holidays and staff have clocked off after the Christmas party or before the long weekend. This is when they will plant their story, then will use their social media sock puppet accounts to share it quickly. By the time your team has woken up the next day and overcome their hangovers, the misinformation planted by the hackers on your website or news service will be all over the internet.

Cloned fake corporate accounts

4. These will be used to direct people to scam websites, believing they are following a link from a credible news company.
5. There is complexity in this. If you educate the followers on your real social media accounts that some posts they see might be bogus, there is a chance you may undermine the credibility of your own brand. But if you don’t educate your followers they may unwittingly share bogus posts from fake accounts. The best advice is to confirm your real accounts by displaying them next to reporters’ names on your website and TV news bulletin, and to mention them in your radio broadcasts.
6. Put into place methods that your audience can use to contact you, to verify posts that they suspect are bogus. Ask your audience to contact you if they suspect something is fake and want to check it – this takes resources, someone has to be available to monitor audience queries, so only promise what you can deliver.

Hacked email accounts

7. Another common disinformation scam is to hack a reporter’s email account and use it to send ‘tips’ or off-the-record bogus source material to other media, in the hope that it will be picked up and published by someone – usually a junior rostered on to cover holiday shifts who thinks they have a scoop. These emails often contain links to fake news stories, fake ‘eyewitness’ or ‘whistleblower’ posts on sock puppet social media accounts, or fake videos on YouTube.
8. Once people start searching for fakes, Google helps surface the fake content because it thinks that the content must be real if lots of people are searching for it.

This week, an Australian parliamentary committee has released a paper warning of the potential foreign electoral influence of social media in a report to The Senate. Read the report here.

Sorry to spoil Christmas break, but this is the time when malicious players strike. None of this is new, but the stakes are higher in Australia at the moment as our Federal Election looms.

Happy Christmas… Bah humbug!
