State Actors Are Increasingly Targeting Journalists With Surveillance Malware

from the more-bad-news-on-the-press-freedom-front dept

Thu, Feb 27th 2020 1:52pm — Tim Cushing

Columbia Journalism Review is reporting it has witnessed more malware attacks targeting journalists. An article by Financial Times cyber security head Ahana Datta details attempts to compromise a Middle East correspondent's phone via WhatsApp.

The correspondent, who I will not name for reasons that will soon become clear, mentioned that in recent weeks they had been receiving mysterious WhatsApp calls. The numbers were unrecognized. Afterward, their phone battery had drained quickly. And they were sometimes unable to end other calls, because the screen seemed to freeze.

They had been working on an investigation into surveillance on journalists and human rights activists in a particular Middle Eastern nation, and had been in contact with sources the government was hostile to. We decided the reporter was safer with a separate device for this story.

This unnamed reporter wasn't the only one targeted. Datta asked other journalists if they'd experienced similar issues. Four reporters also had noticed unusual performance issues and reported they had received fake SMS authentication codes for secure messaging apps -- codes that were sent unprompted. A few had been duped into downloading unknown software. Others reported their phones behaving strangely after their devices had been in the hands of others, like personnel at border checkpoints.

Touring other Financial Times branches, Datta found more of the same, even if the deployment methods varied a bit.

In parts of Eastern Europe, the flavor seems to be plausible deniability: threats commonly manifest in the form of creative phishing attacks, such as imposters trying to connect on LinkedIn or impersonating emails from known contacts.

[...]

In Asia, journalists are more often targeted by people on the ground. State agents often inexplicably show up where correspondents and their sources are scheduled to meet. Some countries have a centralized database of residents’ IDs, including facial recognition, so the federal police and regional police are largely in sync. In some areas, messaging apps can be disabled based on where you’re located.

In one Asian office, state officials called to question wording in articles that had yet to be published, indicating journalists' devices had been compromised by state actors.

Unfortunately, this isn't news in the normal sense of the word. It's mainly just the continuation of distressing developments around the world. Governments are increasingly targeting journalists, especially those they might want to deter from publishing unflattering reports about government activities. Equally as unfortunate is these tools are being sold to them by a number of companies that insist they're in the national security/law enforcement business but are more than willing to sell malware to countries known for their stifling of dissent, targeting of journalists, and long histories of human rights violations.

Israeli tech company NSO Group is one of the worst offenders. It has sold malware and spyware to blacklisted countries and seems unconcerned that it's providing nearby enemies with the tools to target the residents of its home country.

Making matters worse are law enforcement agencies in countries where human rights are considered to be respected. Many have already expressed their displeasure that Facebook is adding end-to-end encryption to Messenger. But they're also upset Facebook is warning WhatsApp users when it detects abnormal activity that could indicate they've been targeted by state actors or malicious hackers. These agencies would apparently rather see journalists and activists harmed than watch a single suspected criminal avoid being compromised by law enforcement-deployed malware.

So, what can journalists do to protect themselves? Datta suggests the same things that have worked for years. Use encrypted communications methods. Turn on two-factor authentication. Encrypt devices and their content. Toss devices in a Faraday bag if traveling in high-risk locations.

Most importantly, though, is that journalists never give up. If a state-sponsored hacker wants to compromise a device, there's a good chance it will eventually be compromised. But that's no reason for journalists to sit back and allow it to happen. Why make it easy on them? Be a frustrating target -- one that makes it as difficult as possible for those seeking to do harm to journalists and their sources.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: journalism, journalists, malware, surveillance

10 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 27 Feb 2020 @ 3:29pm

These agencies would apparently rather see journalists and activists harmed than watch a single article they dislike from reaching the public.

Make no mistake about the intent here. Their "suspected criminal" is the journalist. Why? Because the journalist dared to speak in a way they disapprove of.
[ link to this | view in thread ]
Anonymous Coward, 27 Feb 2020 @ 3:58pm

Every country is doing the same thing! Why? Because there isnt a single country, democratic or otherwise, where the government isnt as corrupt as it can be! Where every politician is getting underhand payments for helping some person, company or industry get something it wouldn't otherwise have got and in doing so, the public are screwed, over and over. We all hear tales of what's going on in Russia, China and other places but dont be fooled into thinking it aint happening here! How the hell did the movie industry get how it is? What about the telecoms industry, the mobile industry and the tv industry? All are able to get massive handouts, not do anything that the handouts were give for and pocket the publics cash! Never any punishment, no fallout, nothing! Even the body that is supposed to look after the publics interests specifically, falls over itself, unable to do the various industries biddings fast enough! How is this not a corrupt society? Everything is done to ensure the 'few' get maximum benefit, maximum reward, for maximum length of time, off of the enslaved backs of everyone else, backed admirably by all sectors of law enforcement!
[ link to this | view in thread ]
ECA (profile), 27 Feb 2020 @ 4:37pm

Dumb phones..
Love them..
Cheap. easy and NOT SMART..
If you need a Download, you can because IT WONT RUN on that phone. AND it wont Auto run a script.

And if needed, SOME have ability to link to Smart phone and PC.
[ link to this | view in thread ]
Anonymous Coward, 27 Feb 2020 @ 5:28pm

i read that as "stage actors". it is more interesting like that, i recommend changing the headline.
[ link to this | view in thread ]
Anonymous Coward, 27 Feb 2020 @ 6:19pm

Did they get promoted to state actor? Last I knew that group had a different legal designation.

Unless they have done a lot of counter corruption and humanitarian work it is still on the organization or network designation list.
[ link to this | view in thread ]
Pixelation, 27 Feb 2020 @ 6:40pm

Blow their minds
Time to create some honeypots...
[ link to this | view in thread ]
anoncoowie, 28 Feb 2020 @ 2:13am

Something like ad nauseum might help
Dumb phones are a decent notion. One of the FOSS tools for the web browsing ad blocker community, ad nauseum, takes a different approach: poisoning the well. The pair, a phone that is just a phone, and a smartphone that just spews mashed up text full of attractive keywords might be valuable. Isolating a valid bit of information from a firehose is harder both for machines and humans.
[ link to this | view in thread ]
Anonymous Coward, 28 Feb 2020 @ 3:06am

Use signal
not WhatsApp.
[ link to this | view in thread ]
Anonymous Coward, 28 Feb 2020 @ 1:38pm

Re: Dumb phones..
Are you kidding? The dumb phones have been long known to be prebackdoored. That is why there are so many encrypted chat and phone apps.
[ link to this | view in thread ]
ROGS Vulva studies, 2 Mar 2020 @ 11:43am

re: electronic implants and gang stalking
In the para-linguistic terminology of cops, intel agents, private contractors, et al who are online gang stalkers, this is what THEY call "electronic implants," while sheep dipping the dialectic with psychobabble and gibberish about bio-implants and sattellite connected chips.

The use of para-language confuses the average onlookers ability to understand the terms, phrases, and dialectic of organized gang stalking.

But the NSA et al really do use computer/cell phone monitoring software that is defined as "electronic implants" and this was most notable in the Equation Group of hackers, tied to the NSA, who did this shit surreptitiously for fourteen years before they were outed.
[ link to this | view in thread ]