Most of the world’s top 25 news organizations have been the target of a state-sponsored cyber attack over the past few years, two Google employees declared at a recent technology conference.
Security engineers Shane Huntley and Morgan Marquis-Boire presented the findings of their study at the Black Hat Asia 2014 in Singapore last week. The two Google workers declined to reveal the methodology by which the search giant monitors such attacks, but said more than four-fifths of the world’s top news organizations were targeted by hackers seeking to steal corporate communication and personal identifying information of journalists.
“If you’re a journalist or a journalistic organization we will see state-sponsored targeting and we see it happening regardless of region, we see it from all over the world both from where the targets are and where the targets are from,” Hurtley told the Reuters news agency.
Last January, the New York Times said it suspected hackers with ties to the Chinese government were responsible for an ongoing cyber intrusion on its systems. The Times suggested the four-month campaign by Chinese hackers may have been tied to the paper’s critical reporting on former prime minister Wen Jiabao.
Bloomberg News, the Washington Post and the Wall Street Journal faced similar cyber intrusions also believed to have been conducted by Chinese hackers. A spokesperson for the Chinese Embassy told the Journal that it was “irresponsible and unprofessional” to claim cyber attacks against the paper were tied to Beijing.
In recent months, several international news organizations have been targeted by the Syrian Electronic Army, a group of hackers that were initially believed to have been funded by the Syrian government. In media interviews, hackers with the SEA have denied being involved with the government.
Last year, SEA hackers were able to commandeer the blogs and social media accounts of CNN, Agence France-Presse, Thomson Reuters and more than a dozen other news organizations. The SEA mainly uses phony emails to commandeer the email accounts of journalists, a technique known as a “phishing attack.”
Such phishing attacks recently prompted Google to publish alerts on its Gmail service when it suspects hackers may be trying to gain access to accounts. The Guardian reported on Friday that several of its staff members have recently begun seeing the alert when they log on to their work Gmail accounts.
Nine of the top 25 news organizations use Gmail as their email service, according to Alexa data reviewed by security researcher Ashkan Soltani. Several others use Microsoft’s Outlook product, which claims to help prevent phishing attacks by disabling hyperlinks and moving suspicious messages to a junk mail folder.
Security experts say there are many other techniques that can help prevent a hacker from gaining access to an online account. Most services, including Gmail and Twitter, offer “two-step authentication,” which requires both a password and a special numeric code generated by a mobile phone or other device in order to log in to an account.
“A lot of news organizations are just waking up to this,” Marquis-Boire told Reuters. “We’re seeing a definite upswing of individual journalists who recognize this is important.”