Is fake news a security risk?

Fake news and security

So is fake news a security issue? Let’s take a look at a recent piece of news that is quite revealing.

Facebook held a press conference to explain what it is doing to remove fake news from its pages, and therefore from our feeds. CNN’s Oliver Darcy was waiting to ask a direct question about one of the most prolific sources of conspiracy-based fake news, InfoWars.

Asked by Darcy how the company could claim to be serious about online misinformation while allowing InfoWars to maintain a page with nearly a million followers on its website, John Hegeman said the company it does not “eliminate fake news.” .”

“I guess just because it’s fake that doesn’t violate community standards,” Hegeman said, explaining that InfoWars “hasn’t violated something that would get them removed.”

Added Hegeman: “I think part of the bottom line here is that we built Facebook to be a place where different people can have a voice. And different publishers have very different views.”

“We work hard to find the right balance between encouraging free speech and promoting a safe and authentic community, and we believe that lower-ranking inauthentic content strikes that balance. In other words, we allow people to post it as a way of expression, but we won’t show it at the top of the News Feed.”

“That being said: while sharing fake news does not violate our set of Community Standards policies, we do have strategies in place to deal with actors who repeatedly share fake news. If content on a page or domain is repeatedly rated ‘false’ by our third-party fact checkers…removed your monetization and advertising privileges to remove financial incentives and dramatically reduce the distribution of all your content at the page or domain level on Facebook.”

So, based on that conversation, you have to wonder if the fake news press conference was anything more than, well, fake news!

If Facebook has no intention of removing fake news, then they are encouraging it, claiming to remove or reduce the ability of page owners to generate revenue on Facebook if they consider fake news peddlers.

How does this affect security?

Problems occur when those who really believe in fake news start sharing it. Viral fake news about security issues on social media, apps, or websites can often cause serious reputational damage to the people they target.

It is one thing to allow and encourage free speech, but when it starts to affect legitimate businesses, those at the heart of the problem must be held to account. InfoWars has in the past advertised its site and even some of its fake news through advertising on YouTube. When those ads are displayed in the middle of an article from a highly reputable company, it has the effect of subliminally detracting from the reputation of these companies.

Some of the biggest brands in the US ran ads on YouTube channels for far-right website InfoWars and its founder, notorious conspiracy theorist Alex Jones, saying they had no idea YouTube was allowing your advertising to appear there. -CNN

And on the subject of fake news, let’s look at the person who coined the phrase:

President Trump dismissed a question from CNN’s Jim Acosta at a joint press conference Friday afternoon with UK Prime Minister Theresa May in Buckinghamshire. Earlier in the news conference, Trump attacked CNN after receiving a question from NBC News reporter Hallie Jackson. Trump said that NBC is “arguably worse than CNN.”

“Mr. President, since you attacked CNN, can I ask you a question?” Acosta asked Trump.

FOX News correspondent John Roberts said: “Go ahead.”

“Can I ask you a question?” Jim Acosta insisted.

“No,” Trump told him.

“CNN is fake news,” Trump said. “I don’t take questions from CNN. CNN is fake news. I don’t take questions from CNN.”

So in this case, those accused of delivering fake news don’t get a chance to ask a question! If the press publishes a story that isn’t true then you have the opportunity to challenge them in a court of law, but POTUS doesn’t bother, instead offering their own brand of justice.

What is the verdict on safety?

Honestly this is damaging, the press in the UK has a duty to report honestly and fairly, failure to do so almost always results in legal action. Trump has accused the BBC of providing fake news in the past, I now know that the BBC have been accused of being biased in the past, in some cases they have been found guilty and had to pay the price, yet they are funded by at UK public through a license fee and as such are under scrutiny.

Whenever public opinion is manipulated, there are security risks, be they cyber or real. The current climate of calling everything people don’t like fake instead of bringing the culprits to justice needs to change in the real world and cyber environment.

As a result, the lies continue to spread and global security and cyber security is where the suffering begins.

Facebook has recently been trying to limit the damage after the Cambridge Analytica scandal. UK hype has been full of how Facebook is ditching its third-party data partnerships, in fact there’s probably a second reason for this. The GDPR would make third-party data associations, like Cambridge Analytica’s, a minefield for Facebook.

The amount of compliance that would be required, the documentation, monitoring and verification, not to mention the fines if something went wrong, would be enormous.

Sure, Facebook was only fined £500,000 for the recent scandal, this is likely because the incident occurred before the GDPR came into force, future breaches would be dealt with much larger fines.

What can be done?

It seems that unless one of the affected parties takes the offending party to court, the answer may not be much. Or is that it?

The lesson to be learned here is that, according to Facebook, they won’t remove fake news even after they’ve found it. The public is therefore in the position of power.

Don’t believe everything you read. You can use websites like https://www.snopes.com/ which provide many resources on scams and news. You can also check the facts at https://fullfact.org/ to check the validity of a story.

If you find the story to be false, be sure to politely point it out to the person(s) promoting it.

Why is this so important? Well, there is a very successful ploy that the bad guys often use, they simply search for popular news trends, create pages promoting that news or hijack existing pages and embed their own malicious code into the page. Before you know it, malware has spread across the Internet, infecting thousands or millions of computers.

In short, fake news causes real cybersecurity problems and can be much more dangerous in the real world.