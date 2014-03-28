By Jeremy Wagstaff
SINGAPORE, March 28 Twenty-one of the world's
top-25 news organisations have been the target of likely
state-sponsored hacking attacks, according to research by two
Google security engineers.
While many internet users face attacks via email designed to
steal personal data, journalists were "massively
over-represented" among such targets, said Shane Huntley, a
security software engineer at Google.
The attacks were launched by hackers either working for or
in support of a government, and were specifically targeting
journalists, Huntley and co-author Morgan Marquis-Boire said in
interviews. Their paper was presented at a Black Hat hackers
conference in Singapore on Friday.
"If you're a journalist or a journalistic organisation we
will see state-sponsored targeting and we see it happening
regardless of region, we see it from all over the world both
from where the targets are and where the targets are from,"
Huntley told Reuters.
Both researchers declined to go into detail about how Google
monitors such attacks, but said it "tracks the state actors that
attack our users." Recipients of such emails in Google's Gmail
service typically receive a warning message.
Security researcher Ashkan Soltani said in an earlier
Twitter post that nine of the top-25 news websites use Google
for hosted email services. The list is based on traffic
volumes measured by Alexa, a web information firm owned by
Amazon.com Inc.
California-headquartered Google also owns VirusTotal, a
website that analyses files and websites to check for malicious
content.
"TIP OF THE ICEBERG"
Several U.S. news organisations have said they have been
hacked in the past year, and Forbes, the Financial Times and the
New York Times have all succumbed to attacks by the Syrian
Electronic Army, a group of pro-government hackers.
Huntley said Chinese hackers recently gained access to a
major Western news organisation, which he declined to identify,
via a fake questionnaire emailed to staff. Most such attacks
involve carefully crafted emails carrying malware or directing
users to a website crafted to trick them into giving up
credentials.
Marquis-Boire said that while such attacks were nothing new,
their research showed that the number of attacks on media
organisations and journalists that went unreported was
significantly higher than those made public.
"This is the tip of the iceberg," he said, noting a
year-long spate of attacks on journalists and others interested
in human rights in Vietnam, including an Associated Press
reporter. The attacks usually involved sending the target an
infected email attachment masquerading as a human rights
document.
While many of the world's biggest media players have been
targeted in these attacks, small news organisations, citizen
journalists and bloggers were also targeted, Huntley said,
noting hacking attacks on journalists in Morocco and Ethiopia.
The problem, Marquis-Boire said, was that news organisations
have been slower than other businesses in recognising the threat
and taking action. "A lot of news organisations are just waking
up to this," he said.
Many journalists are now taking individual action to protect
their computers and email accounts, he said. "We're seeing a
definite upswing of individual journalists who recognise this is
important."
(Editing by Ian Geoghegan)