For Russian journalists fighting hacks is part of the job
When news emerged that Kremlin-linked hackers attempted to breach The New York Times Moscow bureau, it probably didn't surprise any journalists working in Russia.
In fact, press freedom advocates say the Russian government constantly monitors independent journalists and aggressively attacks or shuts down controversial news sites.
"The Russian surveillance system is absolutely extensive," says Johann Bihr, who heads up the Eastern Europe and Central Asia desk for press advocacy group Reporters Without Borders. "The [Federal Security Service] has access to the servers of each and every internet server provider at the regional level, so it's quite easy for them to intercept any communication."
Recently, CNN reported that US officials were investigating attacks on Times reporters believed to be carried out by Russian hackers. But the Times subsequently said no systems were breached and it hadn't hired an outside security firm to investigate the incident, contrary to CNN’s report.
The Times' account lead some experts to suggest the apparent attack may have been a failed fraudulent email campaign aimed at the newspaper's office.
While Mr. Bihr said he would not be surprised if Russian spies targeted major US media outlets, he said Russia’s Federal Security Service (known as the FSB) typically takes aim at homegrown journalists.
"Usually [the FSB] is focusing their efforts on outlets that are digging into sensitive stories, such as what RBC were doing,” Bihr said, referring to Russia's largest independent media organization.
After RBC covered corruption allegations linked to President Vladimir Putin’s son-in-law in the Panama Papers leak, Russian authorities searched the offices of RBC's owner and began a criminal investigation examining the company's chief executive.
According to the World Press Freedom Index 2016 by Reporters Without Borders, Russia ranks 148 out of 180 countries. "The climate has become very oppressive for those who question the new patriotic and neoconservative discourse or just try to maintain quality journalism,” the report stated.
While hacking the email accounts of journalists may not be an everyday occurrence, many experts believe the FSB has access to all the communications data stored in Russia, which means gaining access to the emails of most journalists in Russia may be a trivial matter.
The FSB does run into roadblocks when western tech companies don't store data inside Russia. The Russian government is seeking to put pressure on Google and other tech giants such as Facebook and Twitter to store data within its borders, and while Google is believed to have moved some databases to Russian servers, most data remains outside of the government’s purview.
But the Kremlin also has many non-tech tools to clamp down on journalists.
Once a blog has more than 3,000 daily readers, the writes must register with the mass media regulator, Roskomnadzor, and abide by regulations that have been labeled "draconian" by Human Rights Watch.
Distributed denial of service (DDoS) attacks against independent publications that can render websites or blogs inaccessible for hours are also frequently linked to the Kremlin. These attacks typically take place during a major event such as a protest or election, and can serve to silence opposition voices.
Some hacktivist groups are beginning to fight back. The online collective Anonymous International recently hacked into the email accounts of journalists at the pro-government publication Life Media, revealing details of how government-funded operations work.
Many press and privacy organizations are also working to train journalists working in Moscow and elsewhere how to protect themselves from hackers.
“There is increased awareness of the risk of surveillance and increased awareness of the circumvention tools,” said Bihr of Reporters Without Borders. "Several NGOs and associations exist in Russia promoting these tools, but still I would say the general level of awareness is not huge."
