|
 While many internet users face attacks via email designed to steal
personal data, journalists were "massively over-represented" among
such targets, said Shane Huntley, a security software engineer at
Google.
The attacks were launched by hackers either working for or in
support of a government, and were specifically targeting
journalists, Huntley and co-author Morgan Marquis-Boire said in
interviews. Their paper was presented at a Black Hat hackers
conference in Singapore on Friday.
"If you're a journalist or a journalistic organization we will see
state-sponsored targeting and we see it happening regardless of
region, we see it from all over the world both from where the
targets are and where the targets are from," Huntley told Reuters.
Both researchers declined to go into detail about how Google
monitors such attacks, but said it "tracks the state actors that
attack our users." Recipients of such emails in Google's Gmail
service typically receive a warning message.
Security researcher Ashkan Soltani said in an earlier Twitter post
that nine of the top-25 news websites use Google for hosted email
services. The list is based on traffic volumes measured by Alexa, a
web information firm owned by Amazon.com Inc.
California-headquartered Google also owns VirusTotal, a website that
analyses files and websites to check for malicious content.
"TIP OF THE ICEBERG"
Several U.S. news organizations have said they have been hacked in
the past year, and Forbes, the Financial Times and the New York
Times have all succumbed to attacks by the Syrian Electronic Army, a
group of pro-government hackers.
Huntley said Chinese hackers recently gained access to a major
Western news organization, which he declined to identify, via a fake
questionnaire emailed to staff. Most such attacks involve carefully
crafted emails carrying malware or directing users to a website
crafted to trick them into giving up credentials.
[to top of second column] |
Marquis-Boire said that while such attacks were nothing new, their
research showed that the number of attacks on media organizations
and journalists that went unreported was significantly higher than
those made public.
"This is the tip of the iceberg," he said, noting a year-long spate
of attacks on journalists and others interested in human rights in
Vietnam, including an Associated Press reporter. The attacks usually
involved sending the target an infected email attachment
masquerading as a human rights document.
While many of the world's biggest media players have been targeted
in these attacks, small news organizations, citizen journalists and
bloggers were also targeted, Huntley said, noting hacking attacks on
journalists in Morocco and Ethiopia.
The problem, Marquis-Boire said, was that news organizations have
been slower than other businesses in recognizing the threat and
taking action. "A lot of news organizations are just waking up to
this," he said.
Many journalists are now taking individual action to protect their
computers and email accounts, he said. "We're seeing a definite
upswing of individual journalists who recognize this is important."
(Editing by Ian Geoghegan)
[© 2014 Thomson Reuters. All rights
reserved.] Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
