News outlets are coping with a wave of cyberattacks as hackers around the world seek to monitor their coverage or deface their websites for publicity.
The latest intrusion at the Washington Post redirected users to a site controlled by the Syrian Electronic Army (SEA), a group that supports embattled President Bashar al-Assad.
{mosads}The attack, which took place last Thursday, affected parts of the paper’s mobile website but did not compromise its internal networks.
Intruders found a way in through a software vendor, declaring in a message, “US govt is training the terrorists to kill more Syrians” and “The media is always lying.”
It was not the first time the Washington Post’s website was hacked, but at a time when the public is becoming more attuned to cyber threats, the news ricocheted around the Internet.
Experts say the incident signals hackers’ dogged attempts to find security weaknesses in major websites to manipulate for their own ends. And the Post is not the only outlet that must guard its gates online.
Virtually every major news outlet has experienced a breach of some kind in the last five years.
The New York Times, Bloomberg News and The Wall Street Journal acknowledged in 2013 that they were victims of cyberattacks originating in China.
The SEA targeted CNBC, the Chicago Tribune and Forbes in a series of intrusions last November.
And the Cyber Caliphate, an online group that claims affiliation with ISIS, stormed the scene this year by targeting Newsweek’s social media accounts, as well as several local news outlets.
Most of the cyberattacks are rudimentary and designed as publicity stunts. But that doesn’t mean papers should let down their guard, experts warned.
“I get that a [Domain Name System/content delivery network] hijack doesn’t count as a sophisticated hack,” tweeted computer scientist Kenn White on May 14.
“But hard to argue that gaining … access to arbitrary global code is [no big deal].”
Hackers who are able to gain a level of control on a website like the Post’s could potentially use that platform to infect visitors’ computers with malicious software.
This situation has happened before: potentially hundreds of thousands of visitors to the Los Angeles Times website might have been served malware over a period of six weeks in 2013.
Of the Post hack, Ars Technica Security Editor Dan Goodin suggested that the level of access gained by seemingly amateur hackers was worrying.
“If a rag-tag band of hacktivists can commandeer a site that’s visited by millions of people, it stands to reason it could also be pierced by criminally motivated hackers who would keep a much lower profile,” Goodin wrote.
Hacking groups vary widely in their motivations for attacking news outlets.
The Cyber Caliphate seems to be most interested in gaining global press coverage for ISIS, the violent jihadist group. The group widely promotes every successful cyberattack online.
On the other hand, Chinese hackers rarely, if ever, divulge their activities targeting journalists’ computers.
In 2013, The New York Times investigated the hack of its computer system and found that cyberattackers appeared to be looking for information on forthcoming pieces about China. The Washington Post and Bloomberg made similar discoveries after intrusions in their networks.