Fake Stories in Real News Sites

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories.

From a Wired story:

The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they’ve posted fake content on everything from social media to pro-Russian news websites. In some cases, FireEye says, Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content.

That hacking campaign, targeting media sites from Poland to Lithuania, has spread false stories about US military aggression, NATO soldiers spreading coronavirus, NATO planning a full-on invasion of Belarus, and more.

EDITED TO ADD (8/12): This review of three books on the topic is related.

Posted on July 30, 2020 at 2:56 PM9 Comments


Jesse Thompson July 30, 2020 8:13 PM

with a focus on undermining NATO and the US troops in Poland and the Baltics; they’ve posted fake content on everything from social media to pro-Russian news websites.



  • Social Media sites are already free for anyone to publish on. Plus bots and identity theives have been there since before the sites were.
  • Here’s the fastest method to get anti-NATO anti-US content onto a pro-Russian site: Hand them the content.

    I’m pretty sure they would pay you for writing it for them (and maybe for being more convincing than GPT3’s output).

  • RatMan29 July 30, 2020 8:40 PM

    Since about 2008, the former mainstream news media have gone beyond just being one-sided and now publish pretty much nothing but vicious lies. (“Cancel culture” exists to prevent the victims’ replies from being seen.)

    So how do you distinguish a lie that some outside bad actor has inserted from one that is an approved product of the medium’s editorial policy? Then again, why bother to tell them apart?

    name.withheld.for.obvious.reasons July 31, 2020 12:29 AM

    This might explain what I’ve been experiencing just recently. My first thought was algorithmic editorial judgements, since portions of a post on a large unnnamed (let’s face it, I’m not writing a book) media site having clipped several paragraphs.

    Men Who Stare At Goats July 31, 2020 1:01 AM

    There is an absolutely hilarious scene from the above mentioned movie featuring two high-ranking US Army generals discussing the need to start psychic research after intelligence reports reached them about the Russians efforts in the area , which in turn was based on a hoax report planted by French.

    Interesting detail about the general who initiated this research can be found in this video at roughly 3:57


    While very funny in the movie, it can have very detrimental effects in the real world.

    Spellucci July 31, 2020 5:46 AM

    The New York Review of Books just covered some of this in their recent review of three books on how disinformation is accomplished: https://www.nybooks.com/articles/2020/08/20/fake-news-disinformed-to-death/

    The books are

  • Active Measures: The Secret History of Disinformation and Political Warfare
    by Thomas Rid
  • The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
    by Ben Buchanan
  • Lie Machines: How to Save Democracy from Troll Armies, Deceitful Robots, Junk News Operations, and Political Operatives
    by Philip N. Howard
  • Have any of you read Rid’s book? What did you think?

    vas pup July 31, 2020 11:42 AM

    Twitter hack: Staff tricked by phone spear-phishing scam

    “Twitter isn’t clarifying whether or not their employees were duped by an email or a phone call. The consensus in the information security community is that it was the latter.

    Phone call spear-phishing, commonly known as vishing, is bread and butter for the sort of hackers who are suspected of this attack.

    The criminals obtained the phone numbers of a handful of Twitter staff and, by using friendly persuasion and trickery, got them to hand over usernames and passwords that gave them an initial foothold into the internal system.”

    Q: should they have not caller ID (can be spoofed) but rather ANI (Automatic Number Identifier) on corporate phone, but during COVID how it working for remote access (I mean that all calls should go initially through land line corporate ANI, then forwarded to employee working from home)?

    It is nothing new -Kevin Mitnik did it many years ago and wrote the book ‘Art of Deception’ on subject.

    And, as many time confirmed by Bruce and respected bloggers: human is the weakest link in security.

    name.withheld.for.obvious.reasons July 31, 2020 4:21 PM

    Two quick thoughts, FCC and the fairness doctrine, and all the supposed appropriations bills with statutes embedded in them and passed in the dead of night as Omnibus legislation.

    What is an Omnibus bill? Is there a monthly pass to purchase getting one around town? Or is is more like ominous–very scary boys and girls. Oh yeah, that’s right–it’s where political cowards go to duck and cover from any responsibility in taking a vote in the halls of congress. You wouldn’t want it going on your “Permanent Record” now would you?

    2011, 2012, 2015 NDAA where the architecture for tyranny, less the key, oh and don’t forget the IAA of 2015 which never achieved even honorable mention; all mixed together in a wonderful basket of government goodies (the basket has all of your and my rights stuffed into it).

    Going back to an earlier squid post, where at Harvard University Forum, in 2012, had two preeminent lawyers of the constitutional and legal process law types utter the words “Constitutional crisis”. I’ll ask here; what does 2020 portend, Constitutionally? Or should we even bother, call it a good run and shut it down.

    “I’m given her all she’s got captain, put I am going to need more Power.”

    “Shut er’ down Scotty”

    name.withheld.for.obvious.reasons July 31, 2020 4:35 PM

    How about fake language in real legislation?

    Fake out the congress critters with your own propagandized legislative text and have some fun. It’s been done in the past. Look for the IAA passed in December of 2014. Little mention except by Justin Amash, and his alert was to the text.

    Another alert, that the summary document (the readable form of the bill) held by congresspersons and staffers had been rewritten prior to the vote on the bill. The most problematic section, 309, had been replaced with the text from section 310 without notice or fanfare. The vote was cast before any correction to the summarized bill occurred.

    What the U.S. congress voted on was not the text they thought it to be.

    Game over people, the government is gaming itself. That’s not a maintenance item on a repair order, that’s institutional subversion.

    Wish me luck. Think Vault Seven

    Leave a comment


    Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

    Sidebar photo of Bruce Schneier by Joe MacInnis.