[liberationtech] Investigating similar domain attacks

Amin Sabeti aminsabeti at gmail.com
Thu May 9 13:58:13 PDT 2013


Hi,

There are lots of fake domains that the pro-government side in Iran
has launched. These are some examples:

   - Original: BBCPersian.Com // Fake: PersianBBC.ir: They copy the theme
   and publish fake news
   - Original: kaleme.com // Fake: kalame.co: They copy the theme and
   publish fake news

Cheers,

Amin

On 9 May 2013 17:10, Michael Carbone <michael at accessnow.org> wrote:

> Hi Libtech,
>
> I'm currently working on the follow-up to a general report that we at
> Access released in 2012, “Global Civil Society At Risk: An Overview of Some
> of the Major Cyber Threats Facing Civil Society” and I'm looking for
> examples of 'similar domain' attacks -- attacks in which an adversary
> creates a similar-looking website to the targeted website with the
> intention of drawing readers from the original site. This fake domain may
> display content altered to an opposing view or serve malware to
> unsuspecting users. This can also include fake social media profiles of
> CSOs and media orgs.
>
> I have evidence from Iran, Vietnam, Belarus, and Thailand already and
> would like to build a more complete picture of these attacks if the data
> supports it.
>
> If you are aware of such attacks, please let me know if you haven't
> already. At minimum, I am looking for the url address of targeted domain
> (e.g. targeted-cso.org) and the url address of fake domain (e.g.
> fake-cso.net) and the type of attack (i.e. was it replicating or altering
> content, serving malware, etc).
>
> Feel free to contact me off-list, my PGP key is in my
> signature. Contributions and data can be anonymous or attributed as
> desired, and I'm open to feedback on the methodology as well as content.
>
> Thanks,
> Michael
>
> --
> Michael Carbone
> Manager of Tech Policy & Programs
> Access | https://www.accessnow.org
> michael at accessnow.org | PGP: 0x81B7A13
>  PGP Fingerprint: 25EC 1D0F 2D44 C4F4 5BEF EF83 C471 AD94 81B7 A13E
>
>
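The two pairs listed in this message show different lookalike patterns: the name parts swapped around (BBCPersian / PersianBBC) and a one-letter respelling (kaleme / kalame), each combined with a different TLD. The following is an added example, not part of the original thread, of how a site operator could label observed domains against the ones they protect; the function names, the labels, and the unrelated domain `example.org` are assumptions made for illustration, and only simple `name.tld` domains are handled.

```python
def split_domain(domain):
    """Return (label, suffix). Assumes no subdomains or multi-part suffixes."""
    label, _, suffix = domain.strip().lower().rstrip(".").partition(".")
    return label, suffix

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(original, candidate, max_edits=2):
    """Label how `candidate` resembles `original`; an empty list means no match."""
    o_label, o_suffix = split_domain(original)
    c_label, c_suffix = split_domain(candidate)
    if (o_label, o_suffix) == (c_label, c_suffix):
        return ["same-domain"]
    findings = []
    if o_label == c_label:
        findings.append("same-name")
    elif len(o_label) == len(c_label) and c_label in o_label + o_label:
        # A rotation of the name: its leading and trailing parts swapped.
        findings.append("parts-reordered")
    elif edit_distance(o_label, c_label) <= max_edits:
        findings.append("near-spelling")
    if findings and o_suffix != c_suffix:
        findings.append("tld-changed")
    return findings

def flag_lookalikes(protected, observed):
    """Map each suspicious observed domain to (protected domain, labels)."""
    hits = {}
    for cand in observed:
        for orig in protected:
            found = classify(orig, cand)
            if found and found != ["same-domain"]:
                hits[cand] = (orig, found)
    return hits

# Pairs taken from the message above; example.org is a constructed control.
PROTECTED = ["BBCPersian.Com", "kaleme.com"]
OBSERVED = ["PersianBBC.ir", "kalame.co", "example.org", "kaleme.com"]

if __name__ == "__main__":
    for domain, (orig, labels) in flag_lookalikes(PROTECTED, OBSERVED).items():
        print(f"{domain} resembles {orig}: {', '.join(labels)}")
```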