Late on Sunday, I got a weird message from a colleague.
He had done a Google News search, looking for latest press coverage on F-Secure and had found something odd.
I was not familiar with this news source, so I checked their front page.
And there it was. A fabricated article claiming that I and fellow security researcher Brian Krebs were arrested for selling stolen credit cards. As a sidenote, the article also mentioned that we were lovers. Now, let me make it clear: Neither of these claims are true. I like Brian, but not like that.
Here's the fake article:
So, I called Brian up. He had already seen the article and had a pretty good idea who had done it, too. We have no idea how it ended up on fraud-news.com though.
Of course, fake news like this travel fast.
So let me just state it for the record that I'm not arrested and I have not been involved in selling stolen credit cards…
—————
No, I was not indicted either. Thanks for asking.
Signing off, Mikko
P.S. The fake article is a modified version of a real article written by Brian in 2007. The fake screenshot is based on a posting on a real crime forum at omerta.cc/showthread.php?t=1474
—————
Updated to add: Administration of fraud-news.com contacted. Here's what they wrote:
From: info@fraud-news.com
Hi Mikko
Thanks!. When I checked the site today I was shocked to see what appeared to be a fake story posted by someone who has hacked into the site. I then checked on net and then saw your email, which confirmed that someone has "hacked" in to post this news item.
I have now regained access to the system. I have quickly edited the news item but kept the headline while replacing contents with my notes. That is just to make sure that any visitor who follows the title from another site or Google news is able to see that it was a fake entry. Removing the article altogether may result in a broken link which may leave some readers guessing. Hope that is fine with you. I hope to make another post to explain this further.
I took over this site - fraud-news.com was initially a community based site - somewhere last year, and as at now the only way the news can be published (which is picked up by Google news) is by making a forum post and then upgrading it as an article. The forum runs on vBulletin latest suite (Blog + Forum). I am trying to check into the logs and other settings to see how someone was able to use the username 'FraudNews' which I had the exclusive access as the super admin, or made the post through another alternative mechanism through loopholes in vBulletin, if any. I have also turned off the forum while we ensure the security of the site.
Strangely, fraud-news.com has recently come under attack as well, and in April/May we were under a DDOS, at which time we temporarily moved the site to DDOS protected hosting. The repeated attacks made publishing articles harder. The site is popular due to the forum which pulls all the scam/fraud related news and alerts. Since we tend to give all scam alerts, we may have ended up a target. However this is the first time someone "hacked" to make an unauthorised post, looking to make use of our site to target your entity/reputation. I will be monitoring the fraud-news.com closely to ensure that the culprit doesn't make another attempt.
Finally, many apologies for the inconvenience this has caused to all concerned. Arun Arunagiri