The Media Investigative Platform Helps Journalists Dig Behind the News

Posted on September 18, 2019

In March 2017, the ‘Bloomberq’ news website reported that a CIA award, in the form of a medal of honor to the Saudi Crown Prince, was a show of support for the monarch. In a May 2019 investigative article, CitizenLab stated that the site was fake (hence the apparent misspelling of the reputable Bloomberg name). CitizenLab credited Iranian trolls with creating 72 lookalike domains and 153 fake news articles. It took nearly two years of research and analysis for the deception to become public.

Increasingly, the origins of the news we consume about the real world can be found in the digital realm. The information load of emails, websites and social media platforms is coursing into our lives and social interactions at a dizzying pace and sometimes to devastating effect. In October 2018, in the run-up to November's mid-term United States Congressional elections, Facebook closed down a network of 82 accounts, pages and groups originating in Iran which sought to spread divisive fake news and propaganda.

It is becoming increasingly difficult for consumers to tell facts from fiction, while the credibility of journalism itself has been called into question. Journalists need new tools to supplement their traditional approach to “getting the story right.” The Media Investigative Platform provides internet domain research tools that give cybersecurity journalists, mainstream journalists, and investigative journalists the ability to perform deep dives into the internet sources making and promoting the news. Media Investigative Platform is a product of ThreatIntelligencePlatform.com, which provides the cybersecurity community the means to track and foil cybercriminals and protect the online reputations of brands.

Mainstream Journalist

One of the most important tools in the Media Investigative Platform arsenal that a journalist can use to determine the veracity of news published on websites and through social media platforms is the Domain Name Analysis Tool. The tool reveals vital information about a website name or IP address.

One of the most illustrative features of the tool is a world map that resolves an IP address. IP resolution shows where the data and infrastructure for the address reside. A suspicious IP address will show its infrastructure clustered in regions that belie a website’s messaging (for example, a website that publishes content about American political issues with servers resolved in Eastern Europe may not have American civil discourse in its interests).

A world map that resolves an IP address

The Domain Name Analysis Tool also lists websites associated with a target IP address. Users can run an analysis of each of the associated websites to develop reports with the same GUI format. In this way, journalists can detect whether a number of related websites were set up in a short time frame with a similar intention. The listing may also help determine the spelling conventions criminals or nation-states may use to spoof legitimate websites.
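As an added illustration (not code from the article or from ThreatIntelligencePlatform.com), the sketch below shows how an analyst could process such a listing once exported: it flags near-miss spellings of a reputable outlet and finds domains registered in a short burst. The records, the `.example` domains and all function names are constructed assumptions.

```python
from datetime import date

# Constructed sample: domains reported as sharing one IP address, with their
# registration dates. Only the 'bloomberq' spelling comes from the article.
CONNECTED = [
    ("bloomberq.example", date(2017, 2, 20)),
    ("blooomberg.example", date(2017, 2, 22)),
    ("bloombreg.example", date(2017, 2, 25)),
    ("gardening-tips.example", date(2012, 6, 1)),
]
REPUTABLE = ["bloomberg"]  # outlet names the analyst wants to compare against


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalikes(records, brands, max_dist=2):
    """Return (domain, brand, distance) for near-miss spellings of a brand."""
    hits = []
    for domain, _ in records:
        label = domain.split(".")[0].lower()
        for brand in brands:
            dist = osa_distance(label, brand)
            if 0 < dist <= max_dist:  # distance 0 is the genuine name itself
                hits.append((domain, brand, dist))
    return hits


def registration_burst(records, window_days=14, min_size=3):
    """Return the largest group of domains registered within window_days."""
    ordered = sorted(records, key=lambda r: r[1])
    best = []
    for i, (_, start) in enumerate(ordered):
        group = [d for d, c in ordered[i:] if (c - start).days <= window_days]
        best = group if len(group) > len(best) else best
    return best if len(best) >= min_size else []
```

A domain that appears in both results, a near-miss spelling registered alongside several others within days, is the pattern the paragraph above describes.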

Journalists can also see from the report what services issued the IP address, and to whom. Reporters can follow up on this information to determine whether the websites were created with recognized services. A particularly pertinent section of the report displays whether the website hosts malicious content and what sort: phishing, botnet command-and-control, malware, spam, and more. The report also displays WHOIS information with identifying attributes about the ownership of the IP address: name, address, state/province, country, and more. Journalists can track down whether a name and registered address are false. Search results on contact information may reveal other suspicious activity on the internet from that individual profile. Expiration information can help determine whether the website’s creators had long-term interests in the IP address or not.

Meanwhile, investigative journalists often seek to dig deeply into a subject and to connect the dots between disparate pieces of information. Media Investigative Platform can aid them in their search for the truth.

Investigative Journalists Tools

An important aspect of an investigative journalist’s research into corporate or government corruption is the tracing of shell companies, which often have bogus websites associated with them. In addition to The Domain Name Analysis Tool, reporters developing a hot story can use The Media Investigative Platform’s Domain’s Infrastructure Analysis API to determine the origin of a website down to the longitude, latitude, and time zone of its IP address.

Domain’s Infrastructure Analysis API can also analyze a fake domain's infrastructure. The output presents data about the web, mail, and name servers for a given domain name, as well as its known subdomains. Subdomains are like rooms in a house, wherein each space can offer information about the integrity of the entire structure. The tool also offers information about the subnet to which the website belongs. Subnet information can indicate other IP addresses related to a website, which may themselves be suspicious. Inputting the related IP addresses into The Domain Name Analysis Tool could provide more background information about the associated websites.

Cybersecurity Journalists

Cybersecurity is one of the most active technology reporting fields around today. With ransomware attacks on corporations occurring daily, data breaches of corporate networks appearing weekly in the news, and nation-states targeting foreign governments and enterprises at a dizzying pace, cybersecurity journalists have a great deal to research and report on.

After determining the efficacy of a website with The Domain Name Analysis Tool, tech journalists can drill down into whether a website harbors malware with the Domain Malware Check API.

The Malware Check presents users with a composite safety score for domains. The API determines the level of a domain’s ability to infect computers based on several security data sources. The API reports whether a domain is a potential threat on a scale of “0” (dangerous) to “100” (safe). The tool also indicates which malware trackers blacklisted the website and why. Hackers may also use the website to launch bots.

Often, hackers will set up malicious domains under the same IP address to host the bots. The Connected Domains API provides information on whether a domain with a blacklisted website is part of a group of domains created by hackers. Reporters can use the information to extend their search to the behavior of related sites, which may be useful in alerting the cybersecurity community, law enforcement agencies, and organizations that may be vulnerable to intrusion from the sites.

Cybersecurity journalists can obtain even more technical information about a domain name with the SSL Certificate Chain API. The API can determine if the certificate of the website, as well as the company that issued the certificate, is valid. Hackers sometimes fake certificates to convince a user’s browser that the website is valid when it may, instead, harbor malware. The SSL Configuration Analysis API follows the certificate chain back to the server that created the certificate. The Configuration Analysis API will determine the legitimacy of the server in providing certificates by checking if the server is on the blacklist.

Cybersecurity analysts can also retrieve a list of domain names resolving to a given IP address, including its subdomains, with the Connected Domains API. Legitimate websites may actually be sharing an IP address with websites on blacklists, in which case the approved website may find, for instance, that it cannot send emails or access particular websites. To determine the reputation of the websites in the IP “neighborhood” of a website, The Media Investigative Platform provides a Domain Reputation API.

The API enables information security professionals, researchers, and threat analysts to determine if a domain has a history of serving up malware. If domain registrars have blacklisted the domain, the Domain Reputation API will report where the site registers on a scale from “0” for dangerous up to “100,” which is safe. The API can perform a fast scan or a full, in-depth scan.

Whether it is determining the veracity of a report, tracing the threads of corruption, or alerting the cybersecurity community to “threats in the wild”, ThreatIntelligencePlatform.com’s Media Investigative Platform offers journalists tools that will keep them one step ahead in the harmful games that bad actors play.

Contact us to learn more about how ThreatIntelligencePlatform.com can improve your research capabilities.
