State Actors Are Increasingly Targeting Journalists With Surveillance Malware

from the more-bad-news-on-the-press-freedom-front dept

Columbia Journalism Review is reporting it has witnessed more malware attacks targeting journalists. An article by Financial Times cyber security head Ahana Datta details attempts to compromise a Middle East correspondent's phone via WhatsApp.

The correspondent, who I will not name for reasons that will soon become clear, mentioned that in recent weeks they had been receiving mysterious WhatsApp calls. The numbers were unrecognized. Afterward, their phone battery had drained quickly. And they were sometimes unable to end other calls, because the screen seemed to freeze.

They had been working on an investigation into surveillance on journalists and human rights activists in a particular Middle Eastern nation, and had been in contact with sources the government was hostile to. We decided the reporter was safer with a separate device for this story.

This unnamed reporter wasn't the only one targeted. Datta asked other journalists if they'd experienced similar issues. Four reporters also had noticed unusual performance issues and reported they had received fake SMS authentication codes for secure messaging apps -- codes that were sent unprompted. A few had been duped into downloading unknown software. Others reported their phones behaving strangely after their devices had been in the hands of others, like personnel at border checkpoints.

Touring other Financial Times branches, Datta found more of the same, even if the deployment methods varied a bit.

In parts of Eastern Europe, the flavor seems to be plausible deniability: threats commonly manifest in the form of creative phishing attacks, such as imposters trying to connect on LinkedIn or impersonating emails from known contacts.

[...]

In Asia, journalists are more often targeted by people on the ground. State agents often inexplicably show up where correspondents and their sources are scheduled to meet. Some countries have a centralized database of residents’ IDs, including facial recognition, so the federal police and regional police are largely in sync. In some areas, messaging apps can be disabled based on where you’re located.

In one Asian office, state officials called to question wording in articles that had yet to be published, indicating journalists' devices had been compromised by state actors.

Unfortunately, this isn't news in the normal sense of the word. It's mainly just the continuation of distressing developments around the world. Governments are increasingly targeting journalists, especially those they might want to deter from publishing unflattering reports about government activities. Equally as unfortunate is these tools are being sold to them by a number of companies that insist they're in the national security/law enforcement business but are more than willing to sell malware to countries known for their stifling of dissent, targeting of journalists, and long histories of human rights violations.

Israeli tech company NSO Group is one of the worst offenders. It has sold malware and spyware to blacklisted countries and seems unconcerned that it's providing nearby enemies with the tools to target the residents of its home country.

Making matters worse are law enforcement agencies in countries where human rights are considered to be respected. Many have already expressed their displeasure that Facebook is adding end-to-end encryption to Messenger. But they're also upset Facebook is warning WhatsApp users when it detects abnormal activity that could indicate they've been targeted by state actors or malicious hackers. These agencies would apparently rather see journalists and activists harmed than watch a single suspected criminal avoid being compromised by law enforcement-deployed malware.

So, what can journalists do to protect themselves? Datta suggests the same things that have worked for years. Use encrypted communications methods. Turn on two-factor authentication. Encrypt devices and their content. Toss devices in a Faraday bag if traveling in high-risk locations.

Most importantly, though, is that journalists never give up. If a state-sponsored hacker wants to compromise a device, there's a good chance it will eventually be compromised. But that's no reason for journalists to sit back and allow it to happen. Why make it easy on them? Be a frustrating target -- one that makes it as difficult as possible for those seeking to do harm to journalists and their sources.

Filed Under: journalism, journalists, malware, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 27 Feb 2020 @ 3:29pm

    These agencies would apparently rather see journalists and activists harmed than watch a single article they dislike from reaching the public.

    Make no mistake about the intent here. Their "suspected criminal" is the journalist. Why? Because the journalist dared to speak in a way they disapprove of.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2020 @ 3:58pm

    Every country is doing the same thing! Why? Because there isnt a single country, democratic or otherwise, where the government isnt as corrupt as it can be! Where every politician is getting underhand payments for helping some person, company or industry get something it wouldn't otherwise have got and in doing so, the public are screwed, over and over. We all hear tales of what's going on in Russia, China and other places but dont be fooled into thinking it aint happening here! How the hell did the movie industry get how it is? What about the telecoms industry, the mobile industry and the tv industry? All are able to get massive handouts, not do anything that the handouts were give for and pocket the publics cash! Never any punishment, no fallout, nothing! Even the body that is supposed to look after the publics interests specifically, falls over itself, unable to do the various industries biddings fast enough! How is this not a corrupt society? Everything is done to ensure the 'few' get maximum benefit, maximum reward, for maximum length of time, off of the enslaved backs of everyone else, backed admirably by all sectors of law enforcement!

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 27 Feb 2020 @ 4:37pm

    Dumb phones..

    Love them..
    Cheap. easy and NOT SMART..
    If you need a Download, you can because IT WONT RUN on that phone. AND it wont Auto run a script.

    And if needed, SOME have ability to link to Smart phone and PC.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2020 @ 1:38pm

      Re: Dumb phones..

      Are you kidding? The dumb phones have been long known to be prebackdoored. That is why there are so many encrypted chat and phone apps.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2020 @ 5:28pm

    i read that as "stage actors". it is more interesting like that, i recommend changing the headline.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2020 @ 6:19pm

    Did they get promoted to state actor? Last I knew that group had a different legal designation.

    Unless they have done a lot of counter corruption and humanitarian work it is still on the organization or network designation list.

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 27 Feb 2020 @ 6:40pm

    Blow their minds

    Time to create some honeypots...

    reply to this | link to this | view in chronology ]

  • identicon
    anoncoowie, 28 Feb 2020 @ 2:13am

    Something like ad nauseum might help

    Dumb phones are a decent notion. One of the FOSS tools for the web browsing ad blocker community, ad nauseum, takes a different approach: poisoning the well. The pair, a phone that is just a phone, and a smartphone that just spews mashed up text full of attractive keywords might be valuable. Isolating a valid bit of information from a firehose is harder both for machines and humans.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2020 @ 3:06am

    Use signal

    not WhatsApp.

    reply to this | link to this | view in chronology ]

  • identicon
    ROGS Vulva studies, 2 Mar 2020 @ 11:43am

    re: electronic implants and gang stalking

    In the para-linguistic terminology of cops, intel agents, private contractors, et al who are online gang stalkers, this is what THEY call "electronic implants," while sheep dipping the dialectic with psychobabble and gibberish about bio-implants and sattellite connected chips.

    The use of para-language confuses the average onlookers ability to understand the terms, phrases, and dialectic of organized gang stalking.

    But the NSA et al really do use computer/cell phone monitoring software that is defined as "electronic implants" and this was most notable in the Equation Group of hackers, tied to the NSA, who did this shit surreptitiously for fourteen years before they were outed.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.