The Syrian civil war is also a propaganda war. With the Assad regime and the rebels both attempting to assure their supporters and the world that they are on the brink of victory, how the facts are reported has become central to the struggle. Hackers working in support of Assad loyalists this week decided to take a shortcut, attacking the Reuters news agency’s blogging platform and one of its Twitter accounts, and planting false stories about the vanquishing of rebel leaders and wavering support for them from abroad.
The stories and tweets were unconvincing, and none spread much further than their home sites. The majority of readers disseminating the repurposed Twitter stream appeared to be Assad partisans, either keen to spread the misconceptions or to believe them themselves.
The attacks demonstrate, however, how media institutions are at risk of targeted attacks by state-supported electronic activists–and that hackers will attempt to leverage the outlying parts of a large organization to take wider control, or at least the appearance of wider control.
Neither Reuters’ blogging site nor its minor Twitter accounts feed the company’s authoritative wire service, but as a consequence they may not have the same levels of heavy protection against misuse. A weak password used by a single person could have granted an outsider the power to post publicly to either service.
Even when a hacker’s target is an individual journalist and not his or her media organization, things can escalate to affect the institutions journalists work for. When the tech reporting site Gizmodo‘s Twitter account was taken over on Friday, it was through an attack on one of its former reporters, Mat Honan. Gizmodo‘s reporting has made it unpopular in some quarters, but Honan says that he was the target, and that Gizmodo was “collateral damage.” His Twitter account was linked to Gizmodo‘s corporate account, and the attackers used one to post to the other.
Honan’s story should give anyone pause about their own digital safety, especially if they rely on external companies. His Twitter account was taken over by a hacker who persuaded a tech support line operator to reset the password to his Apple account. The attacker used this account to change his linked Gmail and Twitter account information, and then proceeded to use the “remote wipe” feature on the latest Apple iPhone and laptops to disable and delete the content of his phone, iPad and Macbook. As a freelancer, Honan did not have offline backup of his work. (Honan says he is waiting for a response from Apple the company; meanwhile, Apple tech support is helping with damage control).
Honan has corresponded with an individual who claims to be his hacker, and says that the real intent of the compromise was his three-letter Twitter account. Whether it’s by common cybercriminals or state-supported propagandists, journalists are being targeted as individuals. The organizations that employ them need to invest resources and training to improve their cyber-security; not least because when one person’s security is compromised, everyone who relies on that person is also under threat.