The conversation about the types of cyber attacks against journalists and the ways to prevent the situations, when journalists are the targets of such attacks, took place at the Hackers’ Corner of International Journalism Festival.


Carola Frediani, La Stampa and Claudio Guarnieri from the Citizen Lab University of Toronto

The talk started off with Carola Frediani introducing the topic and underlining, that cyber attacks against journalists will probably increase in the future. “Attacking journalists in public is not nice”, but cyber attacking them by sending e-mails containing spyware or reaching and interrogating with the sources of information through journalists – that is more sophisticated and easy.

Citizen Lab is a research group specialized on security and tracking down the cyber attacks.

The lab investigates different cases such as cyber attacks of journalists which happened in 2012 in Morocco or a situation, when a journalist was targeted in Ethiopia. The case of the ESAT – Ethiopian TV – is based on the fact, that this project used Skype to contact the sources. This application became a trusted vehicle in the communication. But when someone is arrested, all the electronic equipment is seized. After that the accounts are used to get in contact with the journalists, establish trust and then sabotage the work of journalists by pretending to be the original sources of information.

Another way of installing a spyware at someone’s computer is tricking the targeted person to open a document, which was sent by e-mail. As soon as such document is open, the computer is infected.

In case of ESAT this kind of attack didn’t work.

One more case described by the speakers is the cyber attacking in South America, which spread all over Argentina, Brazil and other countries. Huge spying operation according to Claudio Guarnieri. This case was investigated by the Citizen lab. In such situations it is highly difficult to track the real attacker which is behind the operation, like a government or another major actor. Moreover, as the speakers agreed, it is not always governments, but others can be involved depending on the situation or the country, there are multiple subjects on this arena.

The most common type of attack is phishing. That is simply the practice of sending an email without any attachment pretending to be google or facebook. The targeted person is asked to insert credentials. If a journalist does that, the whole network is compromised. “It’s not just you,

you need to protect your sources and beliefs”, said Guarnieri. The lesson #1 in a situation like that:

google and facebook will never ask you to login through mail.

Spearphishing is another very common attacking method. It is hard to deal with if it is crafted well. Lesson here is: if you receive unsolicited mails with news, which are probably too good to be true, delete it. There is no guarantee in tracking this kind of spyware, “there is no easy answer to this”, said Guarnieri.

Strategic web compromise has occasional popularity and really hard to prevent. The knowledge about how to maintain a website is needed to prevent this kind of attacking. This knowledge is completely out of scope of a journalist, so in this case one can get a consultation from a security expert.

A very rare kind of attack – network injection. This is how it works: if a journalist uses MS Office or Adobe reader, this programs check for update without asking. It is a very standard procedure, which can be easy highjacked. A journalist can’t even notice that the computer was compromised.

IP steal is very common and mostly pressed through social media, prevention in this case is easy.

Passive wiretapping – as time goes on and technology improves, this will probably decrease in popularity, but still happens.

Also there are cases, when we even cannot understand which types of attacks are used, as speakers agreed.

In conclusion, Guarnieri presented tools to protect yourself from cyber attacking.

  • Tor – a browser similar to FireFox, anonymous browsing.
  • Tails – Tor-enabled operating system
  • Subgraph OS
  • Signal – encrypted messaging
  • OTR – a platform to communicate, encrypted chat
  • PGP – encrypted mail, difficult to maintain and understand, a really hard thing to use.
  • Basic digital hygiene

Victoria Kolesnichenko