As a journalist, I am sensitive to items regarding the business of the “Fourth Estate.” This is especially true as it relates to the protection of personal information. We scribes don’t want confidential sources revealed, nor do we want to violate the trust of people or companies who give us information under embargo so we can write cogently about things at the time they formally go into the public realm.
It was thus with more than a bit of consternation that I read the story in Reuters that Google security researchers have found that twenty-one of the world's top-25 news organizations have been the targets of likely state-sponsored hacking attacks.
The Reuters story quotes Shane Huntley, a security software engineer at Google, as saying journalists were "massively over-represented" among the email hacks designed to steal personal information that Google looked at. Huntley and co-author Morgan Marquis-Boire, who presented their observations at the Black Hat hackers event in Singapore, also pointed their fingers at state sponsorship as the source of targeted hacks, while not disclosing exactly how they know.
"If you're a journalist or a journalistic organization we will see state-sponsored targeting and we see it happening regardless of region, we see it from all over the world both from where the targets are and where the targets are from," Huntley told Reuters.
Both researchers declined to go into detail about how Google monitors such attacks, but said it "tracks the state actors that attack our users." Recipients of such emails in Google's Gmail service typically receive a warning message.
It is bad and getting worse
What is public knowledge are the high-profile cyber attacks on Forbes, the Financial Times and the New York Times by the Syrian Electronic Army, a group of pro-Syrian government hackers. But, as the researchers noted, hackers with ties to governments have been very busy, and the headline-making attacks barely tell the story.
What was a bit unsettling about the Reuters story was the researchers' citing of an anonymous attack where the exploit of choice was a weaponized email. This is a common approach for implanting malware that can ultimately steal private information or send users to websites where they are tricked into giving up credentials that open the door for mischief.
Marquis-Boire is quoted as saying this is obviously nothing new, and noted that, "A lot of news organizations are just waking up to this." He concluded by saying that many journalists have awoken to the need to be more careful about protecting their interactions and personal information.
While I can’t imagine why state-sponsored hackers might be interested in my personal information, the article is illuminating because it does show the chilling effect bad actors could have by compromising the press. As importantly, it also should be a call to action for everyone, and not just journalists, that basic protection and common sense, i.e., don’t open emails from non-trusted entities, is something we all need to practice.
Edited by Stefania Viscusi