Security Breach

In March, Swedish newspapers’ websites went black, victim of a cyberattack. Head of Swedish Media Publishers’ Association Jeanette Gustafsdotter called it a threat to democracy.

In August of this year, Russian hackers breached The New York Times. It is part of a series of broader hacks focused on the Democratic Party, according to officials at the FBI.

In an interview with Express, New York Times spokeswoman Eileen Murphy said: “Like most news organizations we are vigilant about guarding against attempts to hack into our systems. There are a variety of approaches we take up to and including working with outside investigators and law enforcement. We won’t comment on any specific attempt to gain unauthorized access to The Times.”

Hacks like this are nothing new. On Thanksgiving 2014, Syrian hackers went after The Independent, The London Evening Standard, The Chicago Tribune, The Telegraph, VentureBeat and CNBC. Messages popped up on the sites, informing readers they had been hacked by the Syrian Electronic Army (SEA). No personal data were accessed in the attack.

Previously, the SEA hacked the Associated Press Twitter account to falsely report an explosion at the White House, costing the DOW 150 points. This hack was done through a spearfishing email, where AP media received an email from the United Nations asking them to click on a link. It appeared to log them out of Outlook, but instead when they re-logged in, SEA was given access to the email system.

It took SEA under 10 minutes to gain access.

But it wasn’t just Twitter they gained access to. They had access to a contact list of Syrian rebels contacting reporters.

Hackers target newspapers and media outlets for different reasons. Cybersecurity analyst Wanda Archy says “hacktivists” target newspapers via Distributed-Denial-of-Service (DDoS) for politically or socially motivated purposes. They are looking to disrupt or gain information.

Oftentimes, journalists themselves are hacked. In 2015, Mexican investigative journalist Rafael Cabrera began getting mysterious text messages on his iPhone. He refused to click the links, even as they got more personal, addressing him by his nickname and offering free Uber rides.

If he had opened a link, his phone would have been compromised, giving hackers access to his email and contacts.

“If you suspect that you were victim to a hack, immediately isolate the part of your network that you suspect has been compromised,” Archy says. “This will prevent the infection from spreading without cutting off communication from other parts of your business.”
All journalists should take precautions when using technology. “This includes using strong passwords and shredding any important documents,” she says. She also recommends enhancing security settings when using public WiFi. You’re at risk every time on public WiFi.

Avoid opening attachments and clicking on links from unknown senders. Install security updates when available on your mobile phone. For more information on how to protect yourself, check out CPJ’s Journalist Security Guide.