Societal

People Fall for NYTimes’ Fake Hacking Story of 1.2B Stolen Passwords

Friday, 08 August 2014

On August 5th, the NY Times published a story titled “Russian Hackers Amass Over a Billion Internet Passwords ” which was, in fact, a “Native Advertising” venture between this once respected newspaper and a relatively new computer company identified as Hold Security founded last year in Wisconsin by Alex Holden.

“Native Advertising”, is an online advertising method in which the advertiser attempts to gain attention by providing content in the context of the user’s experience. Native ad formats match both the form and function of the user experience in which they are placed.

The word “native” is used to refer to the formatting of the advertising materials to make them appear more consistent with other media in the recipient’s universe. In other words, paid advertisement is presented as “news”, even though it isn’t.

The New York Times began their “Native Advertising” program this past January, when Dell became the first advertiser to buy into this highly deceptive program which was a three-month campaign costing six-figures.

English: The New York Times building in New Yo...

English: The New York Times building in New York, NY across from the Port Authority. (Photo credit: Wikipedia)

The Russian FSB was shocked US Media ran the fake story as “news”. It estimated The New York Times making “at least” US$1 million off of their “Native Advertising” article for Hold Security, based upon the Hold Security fee of US$120.00 for anyone seeking to find if their passwords were hacked by these “non-existent” Russian hackers as they are the only ones who, supposedly, know who they are.

In their fake news story The New York Times says that Hold Security (the only cyber security firm mentioned in this story) told them: “The hacking ring is based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know one another personally — not just virtually. Their computer servers are thought to be in Russia.”

A more accurate description of this “cyber gang”, however can be found in the article by the American technology news and media network The Verge who writes about them stating:

“The biggest red flag of all, though, is that CyberVor isn’t trying to sell the data or use it to steal actual money. They’re using it for Twitter spam, the dark web equivalent of boiling the bones for stock. If there were anything else they could do with these passwords, it would be more lucrative and more sustainable than spamming. The fact that the crew is reduced to jacking Twitter accounts suggests the data is more about quantity than quality .

What you’re left with is something of a mess. Clearly CyberVor has been busy, and they seem to have done real damage. Spammers are bad, and cracking small sites is just as bad as cracking big ones. But the most impressive aspects of the hack (the 1.2 billion accounts, the 420,000 sites) all have more to do with how the hack was framed than how it was carried out, and it’s easy to see why. No one was going to pay $120 a year just to find out if their Twitter might get hacked.”

It wasn’t just The Verge who noticed this New York Times “Native Advertising” story for being the “fake” news it was pretending to be either. The Wall Street Journal and Forbes caught it too, and as we can read:

From Forbes in their article titled “Firm That Exposed Breach Of ‘Billion Passwords’ Quickly Offered $120 Service To Find Out If You’re Affected ”:

“The story provides few details beyond hyperbolic numbers: “ 1.2 billion username and password combinations” and “more than 500 million email addresses” are in the hands of a group of 20-something hackers in Russia, according to the report. No specifics about the state of those passwords: whether they’re in clear-text — the worst case scenario — or in encrypted form. The Internet predictably panicked as the story of yet another massive password breach went viral.”

And from the Wall Street Journal :

“The firm, founded last year in Milwaukee, isn’t naming the hackers, any of the victims or how it obtained the data. For a fee, the company said it offers “breach notification services” for website operators that they can use to see if they’re affected and monitor for ongoing threats, according to its website. In an email, Alex Holden, the founder and chief information security officer of Hold Security, said he wanted to “avoid discussing details about the hackers whereabouts and names in case law enforcement has an ongoing investigation.”

Also critical to note about this “fake” New York Times story, FSB intelligence analysts in this report say, was that it was written by Nicole Perlroth and David Gellesaug, both of whom were recently found to belong to a highly secretive cabal called the “Gamechanger Salon” which consist of over 1,000 reporters working, in essence, for Obama.

Founded by leftwing activist Billy Wimsatt, the EAG News Service reports, this group is a secretive digital gathering of writers, opinion leaders, activists and political hands who share information, ideas and strategy via a closed Google group. The group’s existence was discovered by Media Trackers through an open records request filed with a University of Wisconsin professor who happened to be a member of the network.//SF