The ‘fake news’ challenge for  rst responders
Has .gov been pwned?
BY MATT LEONARD
The governments of Australia and the United Kingdom are now using the Have I Been Pwned? website to see whether any of their domain addresses have shown up in the data breaches the system is tracking.
Haveibeenpwned.com was created by Troy Hunt, an Australia-based independent security expert, to allow internet users to see if their email addresses have been compromised in a data breach. Hunt announced the government projects in early March.
All U.K. government domains have been enabled for centralized monitoring by the National Cyber Security Centre. Likewise, the Australian Cyber Security Centre can monitor all .gov.au domains on demand, Hunt said.
Although the governments will be using a commercial version of the service, Hunt is making it available for free. Officials will be able to query email addresses associated with
their domains — .gov.uk and .gov. au, respectively — and sign up to be notified if any domain becomes associated with a new breach.
“It means that within minutes of one of their email addresses being found andloadedintoHIBP,they’llknow about it,” Hunt wrote in a blog post. •
BY MARK ROCKWELL
In addition to fires, floods, active- shooter events, and other natural and manmade crises, first responders often must deal with misinformation about breaking events polluting social media and putting people at risk.
A federal advisory group based at
the Department of Homeland Security’s Science and Technology Directorate
has been studying the problem of fake news as it pertains to first responders. The Social Media Working Group
for Emergency Services and Disaster Management, part of the Homeland Security Science and Technology Advisory Committee, released a report in February that outlines best practices for using and monitoring Twitter, Facebook and other social media platforms during an ongoing disaster or other event.
The report notes that bad actors with malicious agendas often use hashtags and other links to divert social media traffic toward advertising or coordinated phishing scams. Furthermore, even well-intentioned social media posts can mislead people.
The authors cite a Facebook post about the 2015 earthquake in Nepal that asked for help for a village that had been devastated in the event.
That village, however, had already
been assisted by a nongovernmental organization. The post reached 350,000 people worldwide in just a few days, but the social sharing wound up wasting time and resources.
Another cautionary tale involved the Oroville, Calif., dam that developed structural problems in 2017,
threatening the Sacramento area with flooding. Locations near the dam were under an evacuation order, but a map tweeted by the National Weather Service showing the entire potential flooding area was misinterpreted as showing the evacuation area.
That misunderstanding led to many unnecessary 911 calls from local residents. Sacramento area emergency services however, quickly did a Facebook Live broadcast and Periscope video to counter the misinterpretation.
Another tip gleaned from the Oroville dam episode is the importance of capitalizing on support from trusted volunteers to minimize rumors.
Other best practices include training emergency responders to recognize misinformation or bad information, working with local broadcast media
to disseminate accurate information, actively pointing out disinformation and rumors on social media platforms, and making sure new information is identified and tagged so that users understand they are getting the most recent news. •
  GCN FEBRUARY/MARCH 2018 • GCN.COM 9
 CASTLESKI/SHUTTERSTOCK