Because some journalists are, in effect, crime and intelligence analysts at heart
BY:
Catherine Nicci
Legal Affairs Analyst / Reporter
PROJECT COUNSEL MEDIA
19 July 2022 (Krakow, Poland) – Proofpoint is a cyber security firm. The company published an interesting blog essay called “Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media”. The write up presents accurate information (we know the sources) that a number of nation states are targeting journalists. This makes sense because some journalists are, in effect, crime and intelligence analysts at heart. Their methods are often similar to those used at certain government organizations.
Is this a new insight from the world’s intelligence professionals? No. I write about it every year from the International Journalism Festival in Perugia, Italy. The Proofpoint article notes:
“Journalists and media organizations are well sought-after targets with Proofpoint researchers observing APT actors, specifically those that are state-sponsored or state-aligned, routinely masquerading as or targeting journalists and media organizations because of the unique access and information they can provide. The media sector and those that work within it can open doors that others cannot.
A well-timed, successful attack on a journalist’s email account could provide insights into sensitive, budding stories and source identification. A compromised account could be used to spread disinformation or pro-state propaganda, provide disinformation during times of war or pandemic, or be used to influence a politically charged atmosphere.
Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated import”.
What nation states are targeting certain journalists? The article mentions by name these countries:
• China
• Iran
• North Korea
• Turkey (sic). The country’s new name is Türkiye
I would have added Russia. The article includes examples of the Proofpoint analysts’ identification of actions against journalists. The write up concludes with what appears to be some free advice:
“The varied approaches by APT actors – using web beacons for reconnaissance, credential harvesting, and sending malware to gain a foothold in a recipient’s network – means those operating in the media space need to stay vigilant”.
Many journalists, in my experience, are unaware of the nuances of staying vigilant. Targets are targets because they can be hit. Examples of what has happened are interesting. May I suggest that journalists receive appropriate instruction when learning their craft. When I worked for Reuters I was assigned to Eastern Europe and I traveled through some “challenging” countries. Instruction on vigilance was always upgraded or enhanced. When I transferred to the U.S. to cover Silicon Valley the *journalists* I encountered were only interested in recognition, media clout, and being visible. Rather than stepping back and asking, “Have I been targeted, played, and manipulated?”
My take-away is that 100s of journalists have been successfully targeted by Chinese and Russian operatives. The above quote from the article nails it. The attacks were used to gain information to spread disinformation or pro-state propaganda, or they were geared to gain key insights into the inner workings of another government, or other area of state-designated import. And the pickings were easy.