A short history of hacking attacks against the media

A short history of hack attacks against the media

The revelation of the Chinese hacking campaign against reporters working for the New York Times has raised awareness of targeted malware attacks, but what does the history of cyberattacks against media agencies look like?

Here’s a short (and definitely incomplete) list of some of the stories we have seen over the years, where news agencies have fallen foul of hackers and cybercriminals:

August 2008 A full-blown conflict between Russian and Georgian forces spills over into defacements and denial-of-service attacks against a number of websites. These include the Georgian Ministry of Foreign Affairs website – where hackers posted a collage of photographs comparing Georgian president Mikheil Saakashvili to Adolf Hitler.

One of the sites impacted by the denial-of-service attacks is the Russian news agency RIA.

May 2009 Spammers manage to hack a Twitter account belonging to the New York Times, and attempt to redirect followers to a sexy webcam site.

New York Times's fashion blog apologises for the hacking incident on Twitter

September 2009 Online readers of the New York Times are hit by fake anti-virus attacks.

New York Times warns of poisoned advert

It emerged that the hackers who exposed innocent internet users to malware had bought the poisoned advertising space on the New York Times website directly from the newspaper.

October 2009 A jobs website run by The Guardian newspaper is broken into by hackers, and users’ personal information put at risk.

April 2010 New York Times journalist Andrew Jacobs claims that his Yahoo email account was hacked while he was in Beijing, forwarding all of his correspondence to a third party.

June 2010 The Jerusalem Post website is compromised, and infected with malware.

January 2011 The website of the Mail & Guardian, a weekly South African newspaper, was forced offline following attacks by hackers – said to originate from Russia.

July 2011 The notorious LulzSec hacking gang redirected British tabloid The Sun’s website to their own Twitter feed, and published a story claiming that Rupert Murdoch had been found dead.

Fake news story claiming that Rupert Murdoch is dead

The Sun's report on the arrest of Ryan ClearyThe motivation for LulzSec’s hack against The Sun was unclear, but it was felt that the hacking gang was still angry about the newspaper’s coverage of the arrest of British teenage hacker Ryan Cleary the month before.

July 2011 The Twitter account of Fox News is hacked and publishes the (fake) news of the death of Barack Obama.

August 2011 The Sun warns its readers that if they participated in competitions on their website, they might have had their personal information stolen.

September 2011 Hackers broke into the Twitter account of NBC News, and posted messages claiming that there has been a terrorist attack at Ground Zero in New York. A Christmas Tree trojan, sent to one of NBC’s journalists, is later blamed for the account being compromised.

September 2011 USA Today’s Twitter account is compromised, and spews a number of messages from a group calling itself “The Script Kiddies”.

November 2011 Sky News has its Twitter account hacked, and announces that News Corporation’s Chief Executive and Chairman James Murdoch had been arrested by police in London. He hadn’t.

Tweet from Sky News Biz account

August 2012 Pro-Syrian government messages are planted by hackers on the Reuters news service website, including a fake interview with a Syrian rebel leader. An official Reuters Twitter account is also compromised.

During the first attack, the intruder posted fake news stories on the Reuters site, including an alleged interview with a Syrian rebel leader.

December 2012 Russian news websites were hit by denial-of-service attacks on the day of the national election. One radio station, Moscow Echo, claims that its website was in an attempt to silence its report of voting irregularities.

January 2013 The New York Times says that Chinese hackers have had access to their network for four months, broken into email accounts, and stolen all employees’ passwords. The Wall Street Journal also claimed that its computer systems had been infiltrated by Chinese hackers.

As you can see, most of the reported incidents don’t involve shady state-sponsored cybercriminals trying to steal information from newspaper networks, but there’s no denying that targeted attacks against organisations for the purposes of spying appear to have become a more common occurence.

As the threat becomes more serious, news organisations will need to realise that although they are normally in the business of distributing news – that doesn’t mean that there aren’t third parties interested in breaking into their systems and stealing the information which doesn’t make it into the pages of the daily newspaper.

When the journalists are the hackers

Let’s not forget of course, that hacking hasn’t always been directed towards the journalists and their newspapers. Sometimes it’s been the other way around: