The influential journalist H.L. Mencken famously waxed poetic about news reporting, describing it as being “the life of kings.” However, Mr. Mencken’s comment was made in a pre-Internet era, and a more accurate regally-themed quote for the news business may be Shakespeare’s “Uneasy lies the head that wears a crown.” News organizations today face a variety of challenges. Falling print circulations are forcing newspapers to look to their online properties to generate more revenue. Social media has disrupted the traditional reporting process, increasing news organizations’ exposure to hackers and factual errors in the race to break news first. Several high-profile news organizations have recently become the targets of advanced attacks both by hacktivists aiming to embarrass and cybercriminals looking to steal privileged information, tarnishing their reputations and exposing their investigative journalists.
Just last week, The Washington Post reported that its website was compromised by the Syrian Electronic Army (SEA), a hacktivist group sympathetic to Syrian President Bashar al-Asad. For a short time on Thursday, the SEA was able to redirect viewers of washingtonpost.com to their own web site. Incidents like this bring into startling relief the vulnerabilities that online news organizations must start addressing when it comes to hacking.
Hacktivism is becoming the tool of choice for many online groups seeking to draw attention to their causes, and online news sites make tempting targets. Many hacktivists view attacks on news sites they perceive to have biases against their causes to be a particularly effective ways to stick their thumbs in the eyes of their political enemies. High-profile new sites draw millions of readers from all corners of the globe every day. Even the short-term hijacking of a news website can get a hacktivist’s message in front of a portion of those readers, many of whom would otherwise be oblivious to the hacktivist’s cause.
Promoting a political message is only one reason to hack a news site. Financial gain and cyber espionage are others. News organizations live and die by the value of the information they provide. In the process of building a story, journalists often interact with highly influential people in government and business, and those journalists can gain access to information that could be highly damaging (or profitable in the case of financial news) if leaked in advance of a story’s publication or made public in any way at all. This could make new sites a popular target of cybercriminals looking to gain access to sensitive information on a news organizations’ internal network via their external web site. Foreign governments are also targeting news organizations for cyberattack. In January, The New York Times said that Chinese hackers had accessed the company’s network to steal reporters’ user names and passwords. The attack was reportedly motivated by The New York Times’ reporting on members of the Chinese prime minister’s family earning billions of dollars in sweet heart business deals.
Lastly, news sites are targeted by cybercriminals because they are businesses and their owners expect them to make a profit. With print circulations declining, the best revenue stream available to many newspapers is selling ad space on their online properties, and online ad networks are becoming an increasingly popular vehicle for cybercriminals to use to deliver malware. Ad networks are highly automated and often lack security controls to recognize new or sophisticated attacks, opening the door for a cybercriminal to upload malware disguised as an advertisement. With news web sites regularly topping lists of popular online destinations for consumers, what better place for a cybercriminal to post their bogus ad to gain the most exposure for their malware than a news site?
The motivations behind cyberattacks against news organizations are many, but the way the attacks are carried out seams to follow one of two approaches. As discussed above, cybercriminals are using ad networks to disseminate malware, and hacktivists seem to be following suit. The SEA claims it gained access to the washingtonpost.com servers via the Outbrain ad network. Social media has also made news web sites uniquely vulnerable to phishing attacks. Twitter and YouTube have made it possible for anyone in world to break a news story as it’s happening. Knowing this, and in light of today’s 24-hour news cycle and the intense competition from other news organizations, its understandable why a journalist would be quick to click on a link from an unknown source in order to get the scoop. That kind of behavior is phisher’s dream.
Obviously, now that news sites know that hacktivists and cybercriminals have them in their sights, the lesson to be learned here is that cybersecurity needs to be a key part of any news organizations’ online strategy. It’s a lesson that other online businesses and organizations should pay heed to; otherwise some day they just may see their own cybersecurity mishaps make the front page.