Disinformation for Profit

For some time, numerous nation-state actors have recognized the power of effective disinformation campaigns. APT groups like Fancy Bear have long understood that running a disinformation campaign alongside other operations can influence political events. The Democratic National Committee and US Presidential Campaign incidents can be seen as a benchmark other nation-state actors would look to copy. However, it is not only nation-state actors who have seen potential value in disinformation campaigns; hackers and other cyber-criminal organizations have now begun advertising their skills in conducting such campaigns.

Disinformation campaigns typically involve the abuse of social media platforms to disseminate fake news articles designed to further the attacker’s goal. According to research published by Recorded Future, researchers discovered hackers offering disinformation services on Dark Web forums. Two separate hackers were seen advertising and conducting such campaigns in exchange for a fee.

To uncover and analyze these services, researchers based at Insikt Group, using Recorded Future’s platform and tools, pretended to be a Russian-speaking company in order to enlist the services of the hackers advertising on the Russian-speaking Dark Web forum. One of the hackers was asked to generate a positive public relations campaign to increase positive propaganda for the fictitious company, while the other was hired to generate a negative disinformation campaign. In both cases, the hackers provided highly customizable campaigns that targeted social media platforms as the main driver for disseminating content.


Analysis also showed that both hackers adopted tactics very similar to those used previously by nation-state threat actors. Such tactics involve the use of already established and newly created social media profiles to disseminate the fake information. In some cases, it appears, real users were used to reply to comments on the various social media platforms. To further increase the effectiveness of the campaigns, the hackers would also create articles and blog posts, and would edit that content if the company hiring them wanted changes made. These articles would then be sent to news platforms; in one case this resulted in an article being published on a news platform. Hackers were also seen using bot accounts on social media to increase the chances of content being shared across social media platforms. Some bots were seen befriending human users in order to send them fake information.

The Price of Disinformation

According to the researchers, a total of 6,500 USD was spent hiring the hackers who conducted the campaigns. For large companies looking to boost their public relations and trash a competitor’s reputation, such a cost is more than affordable given the potential payoffs a campaign could have. Researchers further noted that successfully conducting such a campaign was “alarmingly simple”: the campaigns took less than a month and in most cases involve creating content and maintaining social media accounts and a bot network. This led researchers to conclude that,

“If the ease of this experience is any indication, we predict that disinformation as a service will soon spread from a nation-state tool to one increasingly used by individuals and organizations.”

It is not just the simplicity of the campaigns that will attract business but also the prices charged for services and content creation. The first hacker, codenamed Doctor Zhivago by researchers, advertised the following prices:

  • 15 USD for an article up to 1,000 characters
  • 8 USD for social media posts and commentary up to 1,000 characters
  • 10 USD for Russian to English translation up to 1,800 characters
  • 25 USD for other language translation up to 2,000 characters
  • 1,500 USD for SEO services to further promote social media posts and traditional media articles, with a time frame of 10 to 15 days for results to be seen.

The second hacker was less specific in terms of cost but still provided researchers with a handy measure of the costs associated with their operations. The second hacker, codenamed Raskolnikov, charged the following for services:

  • 150 USD for Facebook and other social media accounts and content
  • 200 USD for LinkedIn accounts and content
  • 350 USD to 550 USD per month for social media marketing
  • 45 USD for an article up to 1,000 characters
  • 65 USD to contact a media source directly to spread material
  • 100 USD per 10 comments for a given article or news story.

Both campaigns were designated a success by researchers, as Google searches revealed the disinformation disseminated by both hackers, and both the positive and negative objectives set out by the fictitious company were achieved. Researchers noted that the threat posed by such hackers is real in the extreme, stating that,

“Disinformation services are publicly available on the underground criminal forums, and access to private sector clients — not only nation-states. These services are affordable and customizable. Their operators work in teams to publish articles on media websites and to propagate that material throughout social media accounts under their direct control… They are willing to go to extreme lengths to accomplish their tasks, including filing false accusations with law enforcement against target entities. In the case of Doctor Zhivago, the threat actor offered to file a complaint against our fictitious company for involvement in human trafficking. And even though we used the Raskolnikov threat actor to promote Tyrell Corporation, Raskolnikov also offered a ‘takedown service’ should we ever need to get even with another individual, set someone up at their place of work, destroy a competitor’s reputation, counter an opponent’s disinformation attack, or even ‘sink an opponent in an election.’”


About the author:

Karolis Liucveikis
