Journalists are easy targets for hackers, and that shouldn't surprise anyone

Each email or meeting is a potential compromise waiting to happen


Earlier today, the news broke that Russian intelligence is suspected of hacking journalists at the New York Times and other media outlets. The idea that intelligence agencies would target the media isn't at all surprising. But what may surprise some is how easily a journalist or the company they work for can be targeted.

There are a number of ways a person can be compromised. This number expands if the individual in question is being targeted by an intelligence agency. Criminals have a limited amount of time and resources at their disposal, but governments have no such restrictions.

Funny enough, many of the same tricks that led to massive breaches at healthcare organizations, law firms, government agencies, banks, etc. are the things intelligence agencies will use – namely, software vulnerabilities and phishing.

According to CNN, the FBI and other U.S. security agencies are investigating various breaches at the New York Times and other media organizations. The prime suspect is Russian intelligence.

It isn't hard to puzzle out why journalists would be top targets. They are rich sources of information.

"Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations," CNN said.

"US intelligence officials believe the picture emerging from the series of recent intrusions is that Russian spy agencies are using a wave of cyber attacks, including against think-tanks in Washington, to gather intelligence from a broad array of non-governmental organizations with windows into the US political system."

The problem is, while they might be at the top of the target list, journalists are also soft targets.

There isn't a journalist working who doesn't expose themselves to a web-based attack at least once each day. Just meeting a source for coffee is exposure that an attacker can leverage, and that's before the journalist even checks their email. When it comes to the office, journalists have to follow links and open attachments all the time. It's the job.

Some journalists are better at security than others are, but no one is perfect. Given enough time and resources, an attacker will eventually succeed.

The trick is detection and response. In journalism, this requires that you learn what was compromised and how, as quickly as possible. This is critical, because you'll need to know if a story is blown – or worse, if a source has been compromised. It is entirely possible that a digital attack against a journalist that exposes a source could lead to serious physical harm.

Sometimes, answering those two questions will lead you to the person(s) responsible for the attack, but not always. While attribution is a sexy thing in the news these days (and in the security industry too), that doesn't really matter.

Some of you reading this are journalists. It would be easy to list tips on how to protect yourselves and sources, but it isn't that simple. Sure, use Signal on your phone, and use Tor when you surf the Internet, but that isn't a perfect solution. Not to mention, if you don't use them consistently, that's a weakness to be exploited.

Instead of a flat list, take note of some advice posted by the Grugq and make sure you're following all of the security requirements deemed necessary by your IT department and legal teams.

But the sad, honest truth is, if you're being targeted by an intelligence agency, there isn't much you can do about it.
