Governments hacking media: Google experts

Reuters

Twenty-one of the world’s 25 leading news organizations have been the target of likely government-sponsored hacking attacks, according to research by two Google security engineers.

While many Internet users face attacks via email designed to steal personal data, journalists are “massively overrepresented” among such targets, said Shane Huntley, a security software engineer at Google.

The attacks are launched by hackers working for or in support of a government, and specifically target journalists, Huntley and co-author Morgan Marquis-Boire said in interviews. Their paper was presented at a Black Hat conference of hackers in Singapore on Friday.

“If you’re a journalist or a journalistic organization, we will see state-sponsored targeting, and we see it happening regardless of region — we see it from all over the world, both from where the targets are and where the targets are from,” Huntley said.

Both researchers declined to go into detail about how Google monitors such attacks, but said it “tracks the state actors that attack our users.” Recipients of such emails in Google’s Gmail service typically receive a warning message.

Security researcher Ashkan Soltani said in a Twitter post that nine of the top 25 news websites use Google for hosted email services. The list is based on traffic volumes measured by Alexa, a Web information firm owned by Amazon.com. Google also owns VirusTotal, a website that analyzes files and websites to check for malicious content.

Several U.S. news organizations have said they have been hacked in the past year, and Forbes, the Financial Times and The New York Times have all succumbed to attacks by the Syrian Electronic Army, a group of pro-government hackers.

Huntley said Chinese hackers recently gained access to a major Western news organization, which he declined to identify, via a fake questionnaire emailed to staffers. Most such attacks involve carefully crafted emails carrying malware or directing users to a website crafted to trick them into giving up credentials.

Marquis-Boire said that while such attacks are nothing new, their research showed that the number of attacks on media organizations and journalists that went unreported was significantly higher than those made public.

“This is the tip of the iceberg,” he said, noting a yearlong spate of attacks on journalists and others interested in human rights in Vietnam. The attacks usually involved an infected email attachment masquerading as a human rights document.

While many of the world’s biggest media players have been targeted in these attacks, small news organizations, citizen journalists and bloggers are also targeted, Huntley said, noting hacking attacks on journalists in Morocco and Ethiopia.

The problem, Marquis-Boire said, was that news organizations have been slower than other businesses in recognizing the threat and taking action.