Apr 12, 2017

When hackers target the news

Steve Bowbrick/AP

In an earlier era, if someone didn't like what was reported about them, they could write a letter to the editor or run a full-page ad combating the piece. Today, independent and state-sponsored hackers are responding to articles, journalists and news institutions they don't like online by publishing private information about them or shutting down their websites completely.

Why it matters:

  • The news is at risk: Digital news lends itself to more cyberattacks, and the rate of digital news consumption is steadily increasing. This is especially problematic when news organizations are planning stories around highly-trafficked events that hackers can predict will have a big democratic impact, like the election night or inauguration.
  • Everyday people are unknowingly involved: Hackers use an army of digital bots to perform attacks, and those bots often operate attacks from "compromised machines," or the computers of regular, everyday people. Hackers will place malware (usually from spam emails) on people's computers that allow bots to mimic their website browser settings when conducting attacks, making it harder for news organizations to see them coming.

How it happens: The most common type of digital news attack is called a DDOS (distributed denial of service) attack, where hackers use a network of bots to direct a lot of traffic towards a website, overwhelming its server and shutting it down. Doxing, another type of cyberattack, is also frequently used, where attackers obtain and publish private information about people (journalists, politicians, etc.) with the intent of maliciously exposing their vulnerabilities. This has become more frequent in the past two years.

  • News sites: It was a DDOS attack that shut down a huge portion of our Internet last year for nearly a full day, including Twitter, The Guardian, Netflix, Reddit and CNN websites. Earlier this year, Reddit shut down Alt Right sub-channels for doxing.
  • Journalists: Earlier this year, Google sent an email warning to prominent journalists of attacks by a government-based hackers.
  • Campaigns: DDOS attacks were used in an attempt to shut down both the Clinton and Trump campaign websites during the election.

What's the solution? Media organizations choose content delivery networks (CDNs) to serve content safely and efficiently, and as a safeguard for unexpected traffic surges that might come from a very popular story – or unwanted attention from an attack designed to make their servers unavailable. The New York Times, for example, used a CDN company called Fastly to ensure their live election results map wouldn't be shut down on election night, due to high-traffic or a hack. In an interview with Axios, Fastly's Chief Security Officer Window Snyder says by routing traffic through servers distributed worldwide, content is closer to the user and decentralized, which is especially important if a website is managing high traffic or attacked. Some companies, like Facebook, are large enough to build out their own CDN's, but most digital news organizations will hire CDN companies to manage this process for them.

Go deeper

Coronavirus spreads to more countries, and U.S. ups its case count

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens.

The novel coronavirus continues to spread to more nations, and the U.S. reports a doubling of its confirmed cases to 34 — while noting those are mostly due to repatriated citizens, emphasizing there's no "community spread" yet in the U.S. Meanwhile, Italy reported its first virus-related death on Friday.

The big picture: COVID-19 has now killed at least 2,359 people and infected more than 77,000 others, mostly in mainland China. New countries to announce infections recently include Israel, Lebanon and Iran.

Go deeperArrowUpdated 8 hours ago - Health

Wells Fargo agrees to pay $3 billion to settle consumer abuse charges

Clients use an ATM at a Wells Fargo Bank in Los Angeles, Calif. Photo: Ronen Tivony/SOPA Images/LightRocket via Getty Images

Wells Fargo agreed to a pay a combined $3 billion to the Justice Department and the Securities and Exchange Commission on Friday for opening millions of fake customer accounts between 2002 and 2016, the SEC said in a press release.

The big picture: The fine "is among the largest corporate penalties reached during the Trump administration," the Washington Post reports.