Why News Outlets Continue to Be Prime Hacker Targets

Posted on by Rook Security

By Mike Patterson is Vice President of Strategy, Rook Security

Arriving on the heels of recent attacks against the Democratic National Committee, news broke that the New York Times and other news organizations were allegedly targeted by hackers. Whether or not you believe outside interference in our election cycle is a result of Russian hackers or another alleged group, given the surge in breach activity since the last Presidential cycle and against the backdrop of one of the more contentious and polarizing Presidential contests in recent memory (which also lacks an incumbent), none of this should come as a surprise. In addition to Democrats and observers, Donald Trump has experienced the pain too: his campaign website has been attacked and he was targeted by Anonymous starting in March of 2016.

While the influencing and outright rigging of elections through cyber attacks has been known to occur in other countries for years, that tactic has largely focused on campaign or party assets, not media outlets. But this is not your typical election: Mr. Trump’s savvy navigation of the news cycle has made him the Republican nominee, but his missteps have also been magnified and earned a disproportionately longer tail of coverage as a result.

News organizations can be targets of opportunity just like anyone else, but it’s less of a coincidence given they play a critical role in shaping our perceptions of candidates, issues and events of the day through their journalistic endeavors. This is true now more than ever as Mr. Trump has chosen to campaign more through the media than any candidate in recent memory, perhaps ever.

Social media has altered how news is broken and shared, but the journalistic food chain still consists predominantly of major news outlets and newspapers. Of course, with this great power comes great responsibility and therefore great peril should external forces seek to hijack this important societal role.

We’ve been here many times before: attackers have long realized the value of hacking the news for both profit and activism. In 2015, stock traders and hackers working in cahoots were able to access press releases from three major distributors and trade on that information before those announcements hit the wire. In 2013, multiple attacks against news outlets were attributed to the Syrian Electronic Army, whose lengthy list of victims included…the New York Times.

With these most recent events involving the alleged hacking of the media, and the chatter they have received about election influence, we can now update the thesis on the motivation for breaking into news organizations and the damage that can be wrought:

Profit: Whether by stealing credit card information of online subscribers or obtaining market-moving information prior to publication, profit-oriented hackers know exactly where to turn for quick profits.

Activism: News organizations have large, immediate reach should attackers wish to deface media outlets or edit/replace legitimate news stories with their own propaganda. This includes not only websites, but the social media accounts as well.

Influence: A hacker collective focused on influencing an election can seek to delete, delay or deface stories in the name of their political leanings. For example, a news outlet seen as Anti-Trump can face ransomware attacks or an Anti-Clinton organization see its files pertaining to an expose on Hillary Clinton mysteriously deleted.  

National Security: One of the biggest motivations to infiltrate a news organization is to eavesdrop and spy on all of the internal notes, discussions, memos, phone calls, voicemails and emails detailing discussions with thousands of well-placed sources in government and other important organizations. The temptation to learn about not just upcoming stories but also all of the off-the-record discussions has to be mouthwatering for spy agencies in other countries, to say nothing of their actual identities. The journalism process can take days, weeks or months before even a single article is written. What country wouldn’t want to know the investigation history in advance at any of the publications used by Edward Snowden before the release of his treasure trove of documents? Conversely, what country wouldn’t want to know that a Snowden-level story was coming and threatening to expose classified information and do what they could to stop it?  

Clearly, the motivations and ramifications are many. Compounding the problems of news organizations is that many of them who lack diversification away from print are experiencing declining print revenues that largely outstrip gains in online subscribers and advertising. The resulting cost pressures on print-focused organizations that lack the deep pockets of a larger media empire (News Corp. for example) or a billionaire backer (like the Washington Post) can be crushing. Security budgets will be disproportionately smaller compared to a healthier industry like banks that also view security as a critical part of their operations and fund it incredibly well.

It’s clear that news organizations that do real journalism have to accept some facts:  

  1. A shift to digital media means digital issues will follow…especially information security.
  2. News outlets sit on incredibly valuable information and assets that are incredibly valuable to a wide swath of attackers, many of whom are well-funded.
  3. Security at news organizations has proven to be porous.
  4. Well-funded, motivated and multiple attackers will almost always win against organizations who do not prioritize a robust IT security program.
  5. Instead of admit or cave to the “inevitable”, news outlets should seek to deny the inevitable through investment in security programs.


Mike Patterson is Vice President of Strategy, Rook Security, a global IT security solutions provider.

Rook Security

, Rook Security

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community