Google Search Results Spoofed To Create Fake News

Uploaded on 2019-01-21 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

A spoofing technique that creates fake Google search results has been uncovered, which could be used in political influence campaigns or for other nefarious purposes. The technique can be used to spread disinformation while leveraging the trust people have in Google’s search results.

In this age of fake news, people are more wary than ever of efforts to sway public opinion using disinformation, this has led to a wholesale questioning of news sources spread around on social media. It’s also prompted Facebook, Twitter and others to action in terms of cracking down on influence campaigns.

Less top of mind however are systems that we’ve come to trust and rely upon, namely, Google searches.

Despite some accusations that Google has gamed its search algorithms to return left-skewing news results (a charge it categorically has denied), most people trust the search engine to return relevant and accurate information. A spoofing technique takes advantage of Google’s perceived legitimacy to create more believable false information, by simply adding two parameters to any Google Search URL.

According to the independent Dutch researcher Wietze Beukema, the approach makes use of Knowledge Cards, which are boxes on the right-hand side of the screen that contain relevant information to whatever search query a user types into Google Search. For instance, a search for “MSNBC” offers regular search results along with a Knowledge Card with key facts about the news outlet.

Knowledge Cards are far from completely solid sources of information – according to the researcher, most information comes straight from Wikipedia and a mix of other sources like corporate boilerplate.

“Unfortunately, Knowledge Graph doesn’t tell you where it got the information from,” Beukema wrote in a blog post recently. “In addition, the algorithm sometimes mixes up information when there are multiple matches (e.g. people with the same name). This has led to a small number of incidents regarding the feature’s accuracy.”

Nonetheless, most people take the information at face value, opening the door to social engineering.

“People have effectively been trained to take information from these boxes that appear when googling,” said Beukema. “It’s convenient and quick – I have caught myself relying on the information presented by Google rather than studying the search results.”

It turns out that anyone can attach a Knowledge Graph card to their Google Search, which might be helpful if you want to share information provided in a Knowledge Graph card with someone else. Each Knowledge Graph has a unique identifier (the &kgmid parameter), which can be added to the URL for the original search query. An attacker can thus add any Knowledge Card they choose to run alongside search results for any given query:
“For instance, you can add the Knowledge Graph card of Paul McCartney (kgmid=/m/03j24kf) to a search for the Beatles, even though that card would normally not appear for that query,” explained Beukema.

It’s also possible to create a URL that only shows the Knowledge Graph card and omits any search results, by adding the &kponly parameter to the URL. The search bar will still be visible with the original query though, even if it has nothing to do with the Knowledge Card that’s being shown.

These two things combined can be leveraged to carry out propaganda efforts. For instance, a malicious actor could post a custom query URL on social media, supposedly showing real Google search results for a hot-button topic.

The researcher used the example of the query, “Who is responsible for 9/11?” After tampering with the URL, it’s possible to suggest that George W. Bush was responsible for the 9/11 terrorist attack.

While anyone who actually tries to replicate the search results with a query of their own would get a different answer (Osama bin Laden, of course), it can still be a powerful tool for spreading disinformation, particularly to those with a confirmation bias who may be simply scrolling through the News Feed, for instance.

“This allows you to trick others into believing something is true,” Beukema said. “After all, it is a legitimate Google Search link and since we have been trained to trust the answers provided by Google, there must be some truth in it, right?”

The researcher filed a bug report a year ago with Google, advocating the disabling of the &kponly parameter in particular; he said that the internet giant doesn’t consider the issue to be severe enough to be an addressable vulnerability.

“I disagree: in this day and age of fake news and alternative facts, it is irresponsible to have a ‘feature’ that allows people to fabricate false information on a platform trusted by many,” Beukema said.

However, a Google spokesperson told Threatpost that while allowing users to point to specific knowledge panels is part of the company’s mandate to make it easy to share information, it was indeed working to address it. “We share the concern about the potential for bad actors to create misleading distortions of our search results pages, and are working to fix this issue,” she said.

Threatpost:

You MIght Also Read:

Journalists Aim To Detect Deepfakes:

 

« US Vs. China - A Different Kind of Cyberwar
Global Cyber Attacks Up 63% Driven By AI »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

Cloudrise

Cloudrise

Cloudrise are elevating cloud security, data protection, and privacy through assessment, technology enablement, and process automation.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

PrivacySavvy

PrivacySavvy

PrivacySavvy's mission is to provide you with all the information that you need to ensure that your internet privacy is intact, your devices are secure, and that any time you step online, you’re safe.

Flexxon

Flexxon

Flexxon is the industry leader to develop NAND flash storage devices. Our key focus is to innovate memory devices ensuring data security and reliability.

CybersCool Defcon

CybersCool Defcon

CybersCool is committed to educate and train, re-skill and up-skill the current workforce of various industries and businesses in the knowledge and know-how of cybersecurity.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

Guardsman Cyber Intelligence (GCI)

Guardsman Cyber Intelligence (GCI)

GCI provides proven cyber intelligence solutions to protect your business against ever present physical and digital threats shadowing your online business.

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group) is a USA based digital transformation company with expertise in Mobile, Cloud, Web, IoT, AR, RPA, Cyberseurity and AI Technologies.

Mitra Informatics Integration (MII)

Mitra Informatics Integration (MII)

Mitra Informatics Integration is the information communication technology solution business of the Metrodata Group.