Google engineers Shane Huntley and Morgan Marquis-Boire presented their findings at the Black Hat hackers conference in Singapore today, and told press reporters that while internet users face phishing and spear phishing attacks to steal data on a regular basis, journalists are “massively over represented” as far as targets go.
“If you're a journalist or a journalistic organisation we will see state-sponsored targeting and we see it happening regardless of region, we see it from all over the world both from where the targets are and where the targets are from," Huntley told Reuters on Friday.
Their report followed shortly after independent security researcher Ashkan Soltani revealed on Twitter that nine of the top 25 news websites use Google for hosted email services, with this data reportedly coming from the Amazon-owned web information firm, Alexa. Google engineers refused to comment on how the search giant is able to monitor these attacks, which is perhaps unsurprisingly given the sensitivity around privacy after the details on NSA and GCHQ surveillance.
This research follows a spate of attacks against media outlets in the last year, with the pro-government Syrian Electronic Army bringing down The New York Times, The Financial Times, ITV, Sky and more recently - via social engineering – Forbes.
The researchers note spear phishing as one of the primary tools for compromising journalists and media organisations, as well as troublesome websites. As one example, Huntley said that Chinese hackers recently gained network access to a major Western news organisation – which he declined to name – via a fake questionnaire emailed out to staff, while he noted smaller hacks against journalists in Ethiopia and Morocco.
Marquis-Boire suggests that most news organisations are unaware of the threats. "A lot of news organisations are just waking up to this," he said, before adding: "We're seeing a definite upswing of individual journalists who recognise this is important."
Jason Steer, director of security strategy at FireEye, told SCMagazineUK.com that he was surprised – given his own experience with clients – that the figure was as low as 21 organisations, adding that attackers are “impacting every market vertical we can think of”.
“The only shock is that the security industry has overstated its capability in keeping businesses safe,” said Steer, who said that media is “critical to understanding what dissidents are saying.”
Adrian Culley, technical consultant at Damballa, meanwhile, said that while this news is worrisome, the media companies themselves are starting to up their game around cyber security.
“It interesting this has been announced by Google the same week as Facebook have announced they have developed an in-house tool for Botnet/Advanced Threat detection,” Culley said in an email to SCMagazineUK.com.
“Clearly predictive analysis of data on the scale available to these companies is helping greatly to identify these attacks, whether state sponsored or criminal. Data only has three possible states: static, volatile or in motion. Appropriate analysis of all three will often reveal attacks as even the most skilled threat operators have to be somewhere in the data,” he added.
“Intelligence Agencies and the Media have long had a mutual fascination, and journalists are just as susceptible to phishing attacks as the rest of us.” On the latter point, Steer added that journalists should regularly patch, use the latest anti-virus solutions and use solutions - like Wepawet and VirusTotal – for tracking emails with suspect attachments.