Skip to main content

Google researchers say hacking attacks on journalists are likely state-backed

journalists likely targets state sponsored digital attacks say google researchers morgan marquis boire
Morgan Marquis-Boire

A report from a pair of Google security engineers claims that 21 of the 25 largest news outlets in the world have been attacked by hackers that were likely either working for governments or carrying out the attacks in support of them, according to Reuters.

Shane Huntley, who released the report at a Black Hat conference in Singapore this week with co-author Morgan Marquis-Boire, says that journalists were “massively over-represented” in the overall pool of people who were victims of such attacks. For example, Huntley mentioned that Chinese hackers penetrated one “major” Western news outlet using a carefully-written questionnaire that was emailed to that organization’s staff members.

“If you’re a journalist or a journalistic organization we will see state-sponsored targeting and we see it happening regardless of region, we see it from all over the world both from where the targets are and where the targets are from,” Huntley said.

Part of the problem is the lack of attention paid to security by news organizations. “A lot of news organizations are just waking up to this,” said Marquis-Boire. However, individual journalists are taking steps to protect themselves and their sources, even as their organizations lag behind.

“We’re seeing a definite upswing of individual journalists who recognize this is important,” Marquis-Boire said.

Considering the volume of people that have used passwords as simplistic as “123456,” we’re not terribly surprised that a lack of focus on the issue of security has been at the forefront of the problem.

Editors' Recommendations

Mike Epstein
Former Digital Trends Contributor
Michael is a New York-based tech and culture reporter, and a graduate of Northwestwern University’s Medill School of…
Google is going to stop reading Gmail users’ emails so it can personalize our ads
A person accessing Gmail via their phone and laptop.

There's a constant tension today between privacy concerns and the really cool things technology can do for us. It's great that Microsoft Cortana, for example, can read our email and create reminders to do the things we promise, but that requires letting Microsoft have access to our email messages.

Some companies access our information for purposes that are less useful to us personally, like Google's tendency to dig into the data stored on its servers to personalize the ads it shows us. The Gmail in Google's G Suite solution aimed at business customers doesn't do that -- and the company made a welcome announcement Friday that its free consumer Gmail service won't do so either starting later this year.

Read more
Google attacks cloud security head-on with new Google Cloud Platform features
android global village mwc 2017 google

Google Cloud Platform (GCP) is the search engine giant's cloud services offering that competes with Amazon Web Services and Microsoft Azure. Companies use GCP for a variety of tasks, from running simple websites to creating highly complex computing and network applications. To accomplish such functions, it utilizes Google's data analytics, machine learning, computing, and other services, which are built into it.

On Thursday, at its Google Cloud Next '17 event, the company detailed a number of updates to its cloud computing platform. One of the most important updates pertain to security -- Google is implementing a number of new features aimed at making GCP and its G Suite productivity apps less prone to exploits.

Read more
Calling foul: Encryption service ProtonMail accuses Google of burying its search results
protonmail google search results

Swiss email encryption startup ProtonMail has accused Google of hiding its site from search results, saying it “almost killed” the service.

In a blog post, ProtonMail co-founder Andy Yen explained that for the better part of a year, ProtonMail was hidden from search results for terms like “secure email” and “encrypted email.”

Read more