In almost all countries, journalists are among the primary targets for cyberattacks, and Armenia is no exception.

Indeed, some journalists believe they have nothing to hide and are negligent regarding possible digital attacks or data loss. Unfortunately, they do not realize that this way, they endanger their and other people’s data.

Regardless of what journalists and editors believe, they remain among the primary targets of cyber attacks in Armenia, along with politicians and various types of activists.

Let’s consider the main dangers that editorial offices and media personalities have faced in Armenia during the last year. Let us focus on the main types of attacks without pinpointing any names and those behind them in cases when possible.

Undoubtedly, one of the major threats in the last years remains various spyware programs targeting different entities, including journalists in Armenia.

Currently, we are aware of two main programs that infect Armenian targets. One is Predator, developed by a Macedonian cyber company known as Cytrox; the other is Pegasus, provided by NSO Group – an Israeli cyber-surveillance firm. Both are separate topics and require individual articles for detailed representation. However, here we will address some of the critical issues.

Regarding Predator, there is evidence presented by the security teams of Meta, Citizenlab, and Google, according to which this spyware is also used against people associated with the media in Armenia.

There is also evidence that both the buyer and the user are Armenian-based government institutions.

It is worth mentioning that organizations like Cytrox or NSO Group sell their products exclusively to government institutions, avoiding possible criminal prosecution.

Thus, there is evidence that at least since the second half of 2021, the Armenian authorities have been using spyware programs against Armenian targets, including media-related entities (including social network activists, bloggers, journalists, editors, and media owners).

Unfortunately, there are no publicly proven and published cases of specific infections.

As for Pegasus, there is a recently published international investigation in which the CyberHUB team and Ruben Muradyan from Armenia participated, as well as the international organizations Accessnow, Amnesty International, and Citizenlab.

The investigation reveals 12 entities, five of whom wished to remain anonymous. It has been proven that their phones were infected. Five out of twelve are journalists or are related to the media.

In this case, international experts conclude that the government of Azerbaijan was the initiator of the attacks. Proven infections began at least during the 2020 44-day war and remain ongoing.

Among other widespread issues are the attempts to silence the media through DDoS-type attacks, which aim to take down the targeted website.

In the last six months, we have had two such incidents. In the first case, the attacker was unknown. In the second case, a well-known Russian group sent a message asking for ransom, saying the attack would stop after the ransom was paid. In both cases, the news outlets were protected by specialists, but their availability was disrupted for a certain period.

Next are the attacks against news platforms on social media. We are talking about hacking both the news page and the social network accounts of individual journalists or editors: Facebook, Instagram, and YouTube accounts.

The majority of such attacks are phishing, where the victims are lured into clicking on malicious links and inputting passwords. Most attacks are not targeted; they are carried out to steal as many pages and personal accounts as possible. As a result, journalists or media outlets become victims of attacks only as a small part of mass attacks.

However, we have three cases, among which two organizations are from RA, and one from Artsakh, where a more elaborate attack was executed; malicious programs were used that allowed bypassing the two-phase protection.

In all the cases mentioned above, the hacked youtube channel was used for spreading malicious cryptocurrency ads. As expected, the pages were blocked by YouTube security; later restored with the help of CyberHUB.

Among the phishing attacks, there are many disturbing cases where pictures and videos related to the Islamic State were posted on hacked accounts. As a result, the accounts were immediately and, in most cases, permanently banned by social networks.

These cases indicate that the attacker had a clear goal to destroy the account permanently. This, in turn, implies targeted, thought-out attacks. Unfortunately, currently, it is not known what forces are behind such attacks.

And indeed, many other cyber-attacks are widespread in Armenia, to which a journalist can fall victim just by residing in Armenia. There are many such cases; however, they are not linked to the victim’s profession.

In conclusion, the media sphere is a critical domain for Armenia. And journalists and editors should realize that their cyber security is essential not only for them but for the whole country.

 

Samvel Martirosyan

The views expressed in the column are those of the author's and do not necessarily reflect the views of Media.am.