PDA

View Full Version : Top-25 news organizations have been the target of state-sponsored hacking attacks




aGameOfThrones
03-28-2014, 06:48 PM
Reuters) - Twenty-one of the world's top-25 news organizations have been the target of likely state-sponsored hacking attacks, according to research by two Google security engineers.

While many internet users face attacks via email designed to steal personal data, journalists were "massively over-represented" among such targets, said Shane Huntley, a security software engineer at Google.

The attacks were launched by hackers either working for or in support of a government, and were specifically targeting journalists, Huntley and co-author Morgan Marquis-Boire said in interviews. Their paper was presented at a Black Hat hackers conference in Singapore on Friday.

"If you're a journalist or a journalistic organization we will see state-sponsored targeting and we see it happening regardless of region, we see it from all over the world both from where the targets are and where the targets are from," Huntley told Reuters.

Both researchers declined to go into detail about how Google monitors such attacks, but said it "tracks the state actors that attack our users." Recipients of such emails in Google's Gmail service typically receive a warning message.

Security researcher Ashkan Soltani said in an earlier Twitter post that nine of the top-25 news websites use Google for hosted email services. The list is based on traffic volumes measured by Alexa, a web information firm owned by Amazon.com Inc.

California-headquartered Google also owns VirusTotal, a website that analyses files and websites to check for malicious content.

"TIP OF THE ICEBERG"

Several U.S. news organizations have said they have been hacked in the past year, and Forbes, the Financial Times and the New York Times have all succumbed to attacks by the Syrian Electronic Army, a group of pro-government hackers.

Huntley said Chinese hackers recently gained access to a major Western news organization, which he declined to identify, via a fake questionnaire emailed to staff. Most such attacks involve carefully crafted emails carrying malware or directing users to a website crafted to trick them into giving up credentials.

http://www.reuters.com/article/2014/03/28/us-media-cybercrime-idUSBREA2R0EU20140328