The cyberwar against the media
Posted: August 16, 2013
News organizations have been chronicling the cyberwar against the nation’s high-value targets — financial institutions, the defense establishment and government. Now, it’s the media that finds itself under attack like never before.
On Thursday, The Washington Post announced that its website had been hacked, “with readers on certain stories being redirected to the site” of a group supporting Syrian President Bashar al-Assad. And the New York Post on Tuesday became another victim as several reporters’ Twitter accounts were apparently hacked by the same group, the Syrian Electronic Army.
Cybersecurity experts say that hackers — ranging from those linked to foreign governments to shadowy, “hacktivist” groups to lone wolves — are increasingly targeting the press. In the past year, a host of other prominent news outlets, including The Associated Press, The New York Times, Reuters and NPR, among others, have been hit by high-profile assaults. Experts say it’s high time journalists recognize their vulnerability and adopt more safeguards to protect themselves and the information they have.
The media have become a major front on the cyber battlefield because hackers can use news outlets to put out false information instantly to a large audience, exploit a big platform for political propaganda and acquire confidential information on sources or upcoming stories, experts told POLITICO.
“It’s certainly on the rise this year. It is a big ego thing. It’s great publicity, if you want to get your name out, and that’s satisfying all those buttons for them,” said attorney Claudia Rast at the law firm of Butzel Long, who has counseled companies on legal issues related to privacy and data security. “It’s not going away.”
Major news organizations are simply “a great, high-profile target,” said Adam Meyers, the vice president of intelligence at CrowdStrike, an Internet security start-up that approaches hacking by focusing on the attackers. “You can use the media to put out your own messaging, you can use it just to get access to lots of information,” he said. “There’s plenty of reasons why you would want to get access to a media organization.”
Whether by penetrating an outlet’s social media feeds or its internal networks, hackers have found success in infiltrating the media, experts note.
The most notable case this year was the attack on the AP’s Twitter in April. The wire service’s official account was commandeered by hackers to send a tweet to its 1.9 million followers that falsely claimed, “Breaking: Two Explosions in the White House and Barack Obama is injured.” The single bogus message caused the financial markets to briefly plummet, and also brought worldwide attention to the mysterious group that claimed responsibility, the Syrian Electronic Army, which supports Assad’s government and is the same group that apparently hacked the New York Post.
“If [hackers] can hack the AP’s Twitter account or another news organization, all it takes is really one bad link [or tweet] to go out and there are potentially millions of followers that can see that, and it only takes a couple of minutes,” said Tom Eston, a manager at SecureState. “Even if they realize that their site’s been hacked, the damage is already done.”
“That’s really what [the hackers are] going for — they want people to start thinking about some type of political message, even if it’s just for a couple of minutes,” he added. “They’ve made the news just because they hacked the AP, and then they’ll come out and say, ‘Yep, we’re the ones who did it and here’s our message,’ and now they’ve gotten even more media attention because they’ve gone after a high-profile target.”
The Syrian Electronic Army claimed responsibility for the AP attack with a message on its website stating that “SEA published a false news about an explosion in the whitehouse and Obama got injured This small tweet created some chaos in the United States in addition to a decline in some U.S. stocks.”
Along with the wide range of tactics used against the media, there are a number of different types of hackers who are specifically focusing on news organizations, including state actors — a country or a person or group working on behalf of a government — who often hack news outlets to target journalists’ confidential sources or try to gain insight into the coverage of their country.
“They really range from either state actors or murky individuals or groups that are possibly associated with state actors, often times that line is very blurry,” Geoff King, the Internet advocacy coordinator for the Committee to Protect Journalists, told POLITICO. “With China, for example, it’s a little hard to tell whether it’s the Chinese government or enterprising hackers who are somehow affiliated with the government. These things are not particularly transparent. But sometimes, it’s just bored hackers.”
The New York Times and The Wall Street Journal both reported early this year that for several months they had been under attack from Chinese hackers who had infiltrated their respective systems. The Times and Journal publisher Dow Jones both reported they had hired the same private cybersecurity firm, Mandiant in Alexandria, Va., to investigate the cyber infiltrations. The Times said in May the company was no longer working for the paper. A Mandiant representative told POLITICO the company doesn’t discuss clients and would not say if they were “currently working for any news outlets or, if so, which they might be.”
The hackers, believed to have government ties, could have been able to spy on reporters covering China, identify their sources and gather information about upcoming stories, both the Journal and the Times noted in their reporting in January.
For hackers of all stripes, the “goals could be to draw attention to their cause and to embarrass U.S. media companies or the U.S. itself,” King said. “But really, the truly frightening issue — and why it’s so crucial for journalists to be aware of these issues — is that they’re going after sources. They’re going after unpublished work product that is incredibly sensitive in many cases.”
And as targets, journalists, even those who are part of organizations with cybersecurity teams, need to be more security-minded themselves, King added. Journalists and news outlets both need to take security steps, from creating strong passwords to encrypting communications to using two-factor authentication for social media, to fend off attacks, he said. News outlets and journalists should use a virtual private network, encryption options like FileVault or BitLocker, updated anti-virus software and other easy-to-install tools like Tor, free software for anonymizing and encrypting communications online, or the HTTPS Everywhere browser security plugin that maximizes the number of sites a person connects to securely.
“The individuals who work in many of these big news organizations are usually the weak links,” King said. “And there are a number of ways to engage in self-help. Most major organizations have … security teams as they are targets. And then on an individual level, individual journalists need to be thinking about these things as well.”
In one of the most recent actions claimed by the SEA, several New York Post reporters’ personal Twitter accounts on Tuesday were hacked with the message “Syrian Electronic Army Was Here,” and a Twitter account linked on the tweets also posted a screenshot of the same statement apparently on the Post’s Facebook page. Post spokeswoman Suzi Halpin said “some of our social media sites were briefly compromised” and that the paper was “addressing the issue.”
The official Thomson Reuters Twitter account was hacked at the end of July, in another incident claimed by the SEA, and over a half-hour period posted a series of tweets of pro-Assad political cartoons before the account was suspended. Thomson Reuters corporate affairs manager David Girardin told POLITICO the company “takes the security of its global systems extremely seriously” but “does not discuss the actions it takes against any threats, actual or perceived, publicly.”
AP director of media relations Paul Colford also said the news organization does not comment on security measures, but he noted in an email that he wanted to “add only a wish for caution in accepting as fact, as many media did, certain claims of outside groups regarding the hacking of various Twitter feeds.”
Experts agree that spear-phishing and other traditional hacking activities are likely to remain on the scene — the older methods are still effective, after all, and the “adversary doesn’t need to take out their new shiny weapon when the old blunt one is still working,” Meyers said.
Spear-phishing, for example, targets a specific individual because the hacker wants to gain access to their organization. The victims who click on the link in a malicious email get hit with malware that can harvest their personal information and help the hackers gain access to more individuals in the organization or to the private networks within it. And just last month, the FBI warned that spear-phishing attacks to compromise computer networks are on the rise.
“You couldn’t do it before from a foreign country, and now you can have someone sitting in their living room or a building attacking across the world,” said Andrew Serwin, a partner in the Morrison & Foerster global privacy and data security firm, noting media outlets are high-value targets because of their “societal relevance.” “It’s a new way to project cyber force. Now, the cyberthreat really is directed to the private sector to have a public-sector impact.”