For Russian journalists fighting hacks is part of the job

When news emerged that Kremlin-linked hackers attempted to breach The New York Times Moscow bureau, it probably didn't surprise any journalists working in Russia.

In fact, press freedom advocates say the Russian government constantly monitors independent journalists and aggressively attacks or shuts down controversial news sites.

"The Russian surveillance system is absolutely extensive," says Johann Bihr, who heads up the Eastern Europe and Central Asia desk for press advocacy group Reporters Without Borders. "The [Federal Security Service] has access to the servers of each and every internet server provider at the regional level, so it's quite easy for them to intercept any communication."

Recently, CNN reported that US officials were investigating attacks on Times reporters believed to be carried out by Russian hackers. But the Times subsequently said no systems were breached and it hadn't hired an outside security firm to investigate the incident, contrary to CNN’s report.

The Times' account lead some experts to suggest the apparent attack may have been a failed fraudulent email campaign aimed at the newspaper's office.

While Mr. Bihr said he would not be surprised if Russian spies targeted major US media outlets, he said Russia’s Federal Security Service (known as the FSB) typically takes aim at homegrown journalists.

"Usually [the FSB] is focusing their efforts on outlets that are digging into sensitive stories, such as what RBC were doing,” Bihr said, referring to Russia's largest independent media organization.

After RBC covered corruption allegations linked to President Vladimir Putin’s son-in-law in the Panama Papers leak, Russian authorities searched the offices of RBC's owner and began a criminal investigation examining the company's chief executive.

According to the World Press Freedom Index 2016 by Reporters Without Borders, Russia ranks 148 out of 180 countries. "The climate has become very oppressive for those who question the new patriotic and neoconservative discourse or just try to maintain quality journalism,” the report stated.

While hacking the email accounts of journalists may not be an everyday occurrence, many experts believe the FSB has access to all the communications data stored in Russia, which means gaining access to the emails of most journalists in Russia may be a trivial matter.

The FSB does run into roadblocks when western tech companies don't store data inside Russia. The Russian government is seeking to put pressure on Google and other tech giants such as Facebook and Twitter to store data within its borders, and while Google is believed to have moved some databases to Russian servers, most data remains outside of the government’s purview.

But the Kremlin also has many non-tech tools to clamp down on journalists.

Once a blog has more than 3,000 daily readers, the writes must register with the mass media regulator, Roskomnadzor, and abide by regulations that have been labeled "draconian" by Human Rights Watch.

Distributed denial of service (DDoS) attacks against independent publications that can render websites or blogs inaccessible for hours are also frequently linked to the Kremlin. These attacks typically take place during a major event such as a protest or election, and can serve to silence opposition voices.

Some hacktivist groups are beginning to fight back. The online collective Anonymous International recently hacked into the email accounts of journalists at the pro-government publication Life Media, revealing details of how government-funded operations work.

Many press and privacy organizations are also working to train journalists working in Moscow and elsewhere how to protect themselves from hackers.

“There is increased awareness of the risk of surveillance and increased awareness of the circumvention tools,” said Bihr of Reporters Without Borders. "Several NGOs and associations exist in Russia promoting these tools, but still I would say the general level of awareness is not huge."

CSMonitor

 

 

« Russian Cyber Spies & Hackers Are The New Normal
French Submarine Builder Admits Data-Warfare Breach »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

CYBERPOL

CYBERPOL

CYBERPOL's mission is to facilitate the widest possible mutual assistance between all cyber crime law enforcement authorities to help mitigate global cyber threats.

Spanish Network of Excellence on Cybersecurity Research (RENIC)

Spanish Network of Excellence on Cybersecurity Research (RENIC)

RENIC is a membership based sectoral association that includes research centers and other agents of the research cybersecurity ecosystem in Spain.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

ImpactQA

ImpactQA

ImpactQA is a global leading software testing & QA consulting company. Ten years of excellence. Delivering unmatched services & digital transformation to SMEs & Fortune 500 companies.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

SpireTec Solutions

SpireTec Solutions

SpireTec Solutions is an IT management training company offering 1500+ courses with state of art training facilities backed by a team of industry experts in various domains including cybersecurity.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.

Action Fraud

Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cyber crime where you should report fraud if you have been scammed, defrauded or experienced cyber crime.

Lineaje

Lineaje

Lineaje solves critical Software Supply Chain security problems faced by every organization that builds, uses or sells software.

Boltonshield

Boltonshield

Boltonshield provide a unique and proactive approach to cyber defence with managed security services, integrated technologies, and a team of security experts, ethical hackers and analysts.

Judy Security

Judy Security

Judy provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Acumen

Acumen

Acumen's cyber security engineers protect your critical systems, in critical moments. We are here when you need us most.