A fraudulent website that cloned the BBC has gone offline after it received a surge of traffic for running a bogus story concerning the violence at French satirical newspaper Charlie Hebdo.
The website had a domain name similar to the legitimate one of the BBC, according to OpenDNS, which detected a spike of DNS (Domain Name System) requests to the website and wrote a blog post on Tuesday. DNS queries translate a domain name into an IP address that can be called into a browser.
The bogus site most recently carried a fake news story questioning the authenticity of footage of the fatal shooting of a Muslim police officer shortly after the attacks at the newspaper’s offices on Jan. 7.
The story suggested the video of police officer Ahmed Merabet’s death was recorded over two takes and may have been a plot by U.S. or Israeli intelligence agencies to incite hatred against Islam.
The website went offline on Monday afternoon after it had been live since around Dec. 28, said Andrew Hay, senior security research lead and evangelist for OpenDNS. The domain name now redirects to a Blogger domain with an image that says, “Wake up, Neo.”
Those who created the site made two other attempts prior to the Charlie Hebdo attacks to pull traffic to their site, Hay said.
Links were posted on Twitter that said a “U.K. YouTuber” had been arrested in the Middle East on terror charges, an apparently false news tip. After that failed to draw traffic, new tweets appeared promising clues for an Internet cryptographic challenge called Cicada 3301.
But the website began drawing as many as 3,600 views an hour after it posted an article on Jan. 12 questioning aspects of the Charlie Hebdo attacks, Hay said.
The fake BBC site did not host malware or attempt to redirect people to other malicious websites, Hay said. But he thinks its creators have been experimenting with techniques to draw large amounts of traffic, possibly for future attacks.
“Because there is no proof of any malicious activity, part of me thinks this is a dry run or trial to see what resonates best,” Hay said in a phone interview on Tuesday.
Curiously, the bogus article had a link to a story on the website of Press TV, an English-language Iranian news outlet run by the Islamic Republic of Iran Broadcasting organization.
The story on Press TV drew on material from the personal blog of Paul Craig Roberts, a former U.S. Treasury official under President Ronald Reagan and former associate editor at the Wall Street Journal.
In the quoted blog post, Roberts called the Charlie Hebdo incident an “alleged terrorist attack” and questioned its attribution.
Security experts have spotted dubious news websites before that were created as covers for social engineering attacks.
In May 2014, the computer security company iSight Partners said it uncovered a campaign by suspected Iran-based hackers that in part used a fake online news site to gather intelligence on U.S. military members, lawmakers and journalists.
The hackers created fake social networking profiles for employees of the news site, called “NewsOnAir.org,” which copied stories from legitimate publishers such as Reuters, the BBC and the Associated Press.
The profiles were then used to befriend associates of the hackers’ real targets, who were eventually approached, according to iSight. Victims allowed connections after seeing their colleagues were connected with the fake profiles.