Governments creating bogus phishing sites
2015-08-28 20:29:23.42601+00 by Dan Lyke 0 comments
Associated Press sues FBI for impersonating its site to install spyware:
According to the AP lawsuit (PDF), the incident occurred when the FBI was investigating bomb threats made against a high school in Washington State. Hoping to lure out the person behind a MySpace account connected to the threats, FBI agents came up with an elaborate ruse: they constructed a legit-looking webpage with a fake news story under the AP masthead and the headline "Bomb threat at high school downplayed by local police department." Also buried within the site was a script to covertly install a piece of spyware. A link to the story was then sent to the MySpace account in a private message.
Electronicfrontierfoundation.org was not the only domain involved in this attack. It seems to be part of a larger campaign, known as “Pawn Storm”. The current phase of the Pawn Storm attack campaign started a little over a month ago, and the overall campaign was first identified in an October 2014 report from Trend Micro (PDF). The group behind the attacks is possibly associated with the Russian government and has been active since at least 2007.