Do journalists have information security problems and should they take the protection of their information more seriously than “ordinary” citizens? I often hear from journalists that they don’t particularly have confidential information or anything to hide.
The main mistake begins when hearing “protection of information,” they understand the protection of purely confidential information.
Understandably, the number of journalists who hold this view is very few. But there are many instances when a cyberattack against a journalist can harm not only the journalist, but also other people and organizations. The vulnerable areas that are important for almost all journalists can be identified roughly as follows:
(a) Journalists almost always have sources that want to remain anonymous.
Of course, in Armenia, the use of sources specific to a media outlet, to put it mildly, is blown out of proportion. But actually there are anonymous sources, and they must be protected from the eyes of law enforcement, individual officials, and corporations. And if information in a journalist’s possession was leaked, this may lead to a source being revealed.
(b) The average journalist constantly communicates with several people who are already the bearers of closed or confidential information. For example, MPs. If a journalist’s communications aren’t protected, then he may be a source of information leaks to a third party.
(c) Continuing the previous thought — say that the journalist may act as an intermediary for an attack on others. For example, if a journalist’s computer is vulnerable, then if it is attacked, the evil-doer will begin to possess the journalist’s email content.
After which he’ll be able to send emails containing viruses to the senior official. Taking into account that until then the journalist and the official have had a lengthy correspondence up to that point, the official presumably will open the letter without hesitation, since he considers the source credible. As a result, confidential information will be leaked from the official’s computer, and the journalist will be guilty. Even though unwittingly guilty.
(d) The hardest thing is to realize that you have become the bearer of sensitive information. A journalist can be a volunteer in the newsroom and then move on to permanent employment. And at some point he will begin to possess information that should be protected. And it’s hard to determine that transition period. Mostly it becomes clear after the leak, when it’s already too late.
There are many such examples. It’s important to understand that the average journalist today can be a target for not only state enforcement agencies, but also other countries’ state hacker groups. Today, large corporations have opportunities for hacker attacks.
Moreover, there’s a large black market of hacker services. And the rental of these services is becoming more affordable even for individuals. That is, not only an angry bureaucrat, but also theoretically even a jealous husband can unleash a hacker attack on a journalist or newsroom.
Not ruled out is that an attack on a newsroom can be carried out purely for the purpose of extorting money. For example, if a cryptovirus gets in the newsroom’s internal network and encrypts all the files, a large amount of money will be demanded for their return.
One careless journalist can cause thousands of dollars of harm to a dozen people. And not to mention that the newsroom’s work will be paralyzed.
And the reason will not only be that the journalist was very modest and didn’t consider herself an important person on whom a hacker attack can be unleashed.
And so, don’t be fooled. If you’re a journalist, then definitely somewhere a hacker is trying to break you. And it would be good if he’s the only one.
Samvel Martirosyan
The views expressed in the column are those of the author's and do not necessarily reflect the views of Media.am.
Add new comment
Comments by Media.am readers become public after moderation. We urge our readers not to leave anonymous comments. It’s always nice to know with whom one is speaking.
We do not publish comments that contain profanities, non-normative lexicon, personal attacks or threats. We do not publish comments that spread hate.