For Russian journalists fighting hacks is part of the job

When news emerged that Kremlin-linked hackers attempted to breach The New York Times Moscow bureau, it probably didn't surprise any journalists working in Russia.

In fact, press freedom advocates say the Russian government constantly monitors independent journalists and aggressively attacks or shuts down controversial news sites.

"The Russian surveillance system is absolutely extensive," says Johann Bihr, who heads up the Eastern Europe and Central Asia desk for press advocacy group Reporters Without Borders. "The [Federal Security Service] has access to the servers of each and every internet server provider at the regional level, so it's quite easy for them to intercept any communication."

Recently, CNN reported that US officials were investigating attacks on Times reporters believed to be carried out by Russian hackers. But the Times subsequently said no systems were breached and it hadn't hired an outside security firm to investigate the incident, contrary to CNN’s report.

The Times' account lead some experts to suggest the apparent attack may have been a failed fraudulent email campaign aimed at the newspaper's office.

While Mr. Bihr said he would not be surprised if Russian spies targeted major US media outlets, he said Russia’s Federal Security Service (known as the FSB) typically takes aim at homegrown journalists.

"Usually [the FSB] is focusing their efforts on outlets that are digging into sensitive stories, such as what RBC were doing,” Bihr said, referring to Russia's largest independent media organization.

After RBC covered corruption allegations linked to President Vladimir Putin’s son-in-law in the Panama Papers leak, Russian authorities searched the offices of RBC's owner and began a criminal investigation examining the company's chief executive.

According to the World Press Freedom Index 2016 by Reporters Without Borders, Russia ranks 148 out of 180 countries. "The climate has become very oppressive for those who question the new patriotic and neoconservative discourse or just try to maintain quality journalism,” the report stated.

While hacking the email accounts of journalists may not be an everyday occurrence, many experts believe the FSB has access to all the communications data stored in Russia, which means gaining access to the emails of most journalists in Russia may be a trivial matter.

The FSB does run into roadblocks when western tech companies don't store data inside Russia. The Russian government is seeking to put pressure on Google and other tech giants such as Facebook and Twitter to store data within its borders, and while Google is believed to have moved some databases to Russian servers, most data remains outside of the government’s purview.

But the Kremlin also has many non-tech tools to clamp down on journalists.

Once a blog has more than 3,000 daily readers, the writes must register with the mass media regulator, Roskomnadzor, and abide by regulations that have been labeled "draconian" by Human Rights Watch.

Distributed denial of service (DDoS) attacks against independent publications that can render websites or blogs inaccessible for hours are also frequently linked to the Kremlin. These attacks typically take place during a major event such as a protest or election, and can serve to silence opposition voices.

Some hacktivist groups are beginning to fight back. The online collective Anonymous International recently hacked into the email accounts of journalists at the pro-government publication Life Media, revealing details of how government-funded operations work.

Many press and privacy organizations are also working to train journalists working in Moscow and elsewhere how to protect themselves from hackers.

“There is increased awareness of the risk of surveillance and increased awareness of the circumvention tools,” said Bihr of Reporters Without Borders. "Several NGOs and associations exist in Russia promoting these tools, but still I would say the general level of awareness is not huge."

CSMonitor

 

 

« Russian Cyber Spies & Hackers Are The New Normal
French Submarine Builder Admits Data-Warfare Breach »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

Verlingue

Verlingue

Verlingue (formerly ICB Group) is a leading corporate insurance broker providing Insurance, Risk Management and related advice to businesses and private clients.

4iQ

4iQ

4iQ fuses surface, social, deep and dark web sources to research and assess risks to people, infrastructure, intellectual property and reputation.

Cyxtera Technologies

Cyxtera Technologies

Cyxtera offers powerful, secure IT infrastructure capabilities paired with agile, dynamic software-defined security.

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

LinkUp

LinkUp

LinkUp is a leading data-driven job search company. Every day we index millions of job openings directly from employer websites.

Sentinel

Sentinel

Sentinel works with governments, media and defence agencies to help protect democracies from disinformation campaigns by developing a state-of-the-art AI detection platform.

Zephyr Project

Zephyr Project

The Zephyr Project strives to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe.

Opticks Security

Opticks Security

Opticks provides fraud detection and monitoring solutions for leading brands. agencies and networks. Our relentless mission is to deliver reliable and innovative software to beat digital fraud.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Chartered Institute of Information Security (CIISec)

Chartered Institute of Information Security (CIISec)

CIISec is dedicated to helping individuals and organisations develop capability and competency in cyber security.

International Cyber Threat Task Force (ICTTF)

International Cyber Threat Task Force (ICTTF)

The International Cyber Threat Task Force is a not-for-profit initiative promoting the ecosystem of an International independent non-partisan cyber security community.

SHI International

SHI International

SHI International deliver against your IT and business needs, helping you build strategies and solutions that will drive innovation, collaboration and security.

Cyber Proud

Cyber Proud

Cyber proud is leading a talent revolution to promote and create an inclusive skilled cyber workforce.