{"id":26417,"date":"2021-02-17T14:52:55","date_gmt":"2021-02-17T14:52:55","guid":{"rendered":"https:\/\/media.am\/?p=26417"},"modified":"2021-02-21T15:53:36","modified_gmt":"2021-02-21T15:53:36","slug":"media-and-digital-security-armenias-experience","status":"publish","type":"post","link":"https:\/\/media.am\/en\/critique\/2021\/02\/17\/26417\/","title":{"rendered":"Media And Digital Security: Armenia\u2019s Experience"},"content":{"rendered":"

The media in Armenia have been the target of cyber attacks for years. Since the beginning of the 2000s, media outlets have been hacked by Azerbaijani groups.<\/span><\/p>\n

Until the 2010s, Turkish hacker groups also carried out active attacks, mainly conditioning them on Genocide-related topics: every April 24 or in any country in parallel with raising the topic of Genocide recognition.<\/span><\/p>\n

The situation became much more serious in the 2010s, as hacker teams were formed in Azerbaijan, working mainly in the direction of Armenia.<\/span><\/p>\n

Those teams had two target groups: state websites and media.<\/span><\/p>\n

In 2012, Ramil Safarov’s extradition from Hungary was followed by a large-scale hacker attack against Armenia following a diplomatic and propaganda conflict between Yerevan and Baku. During the attack, not only were traditional sites attacked, but large-scale DDoS attacks were used.<\/span><\/p>\n

This, as well as the number of subsequent DDoS attacks, suggests that the attacks were state-sponsored. This time the primary target was the media, which was followed by attacks on state websites.<\/span><\/p>\n

New bad traditions were set before the same 2012 elections: The first <\/span>internal political hacker attacks<\/span><\/a> were used. Since then, the media has been the target of DDoS attacks. However, internal political attacks have peculiarities that make the attacks difficult to study.<\/span><\/p>\n

Some of these attacks are simply not voiced due to various internal political and economic considerations.<\/span><\/p>\n

The other part, presumably, does not correspond to reality and is used by the editorial offices for political manipulations or PR. Cases of numerous attacks have not been investigated, have not been confirmed by independent experts.<\/span><\/p>\n

And the existing cases did not lead to revelations, which will allow for drawing any conclusions.<\/span><\/p>\n

The analysis is mainly done at the level of assumptions, the principle is old and simple cui prodest. Moreover, there is a possibility that domestic political attacks may be disguised under attacks by Azerbaijani hacker teams, as they are the main and most common option.<\/span><\/p>\n

Armenia, as well as the Armenian press, was subjected to the most serious attacks in 2020. During the July Tavush events and the Artsakh war, the press was one of the main targets.<\/span><\/p>\n

News sites are usually attacked by DDoS from the moment hostilities begin. This is already a rule, which started to be formed after the above-mentioned events of 2012. And it is a consequence of 2012 and the events that followed that most of the Armenian media already use defense systems, mainly Cloudflare.<\/span><\/p>\n

In any case, the connection of the defense system does not solve the problem on its own: The attackers use different tricks and professional intervention is needed.<\/span><\/p>\n

In the case of the Artsakh war, DDoS attacks were carried out by the Azerbaijani side on a continuous basis. Almost all Armenian media outlets were under attack. Moreover, the attacks were carried out with constant changes of directions, which also required constant attention and intervention from the point of view of defense.<\/span><\/p>\n

For example, the Azerbaijani Academy of Sciences was working against Armenian websites (Photo from Arthur Papyan’s Twitter):<\/span><\/p>\n

\"\"<\/p>\n

Ruben Muradyan reported that the media was urged by the government to simply block entry from Azerbaijan and Turkey.<\/span><\/p>\n

\n

I’ve got a few reports, that @armgov<\/a> is calling media, asking them to block user IPs from AZ and TR, effectively limiting Armenian propaganda to AZ and TR users. It is neither correct, nor efficient. Dear @armgov<\/a>, we need to push our PoV to them, not block it. #ArtsakhStrong<\/a><\/p>\n

\u2014 Ruben Muradyan (@RubenMuradyan) September 27, 2020<\/a><\/p><\/blockquote>\n

However, blocking Azerbaijani and Turkish IP addresses completely is not the right solution, as there is a sharp increase in the number of real users turning to Armenian media at such times. In addition, hackers are actively using VPN, TOR traffic to disguise attacks coming from the Azerbaijani sector.<\/span><\/p>\n

There are also many attacks, the meaning of which is to post either false information or propaganda material on the website.<\/span><\/p>\n

Thus, the attack on Cloudflare accounts during the war led to the redirection of visitors to a number of popular media outlets. And dozens of websites were hacked at the same time: some simply as a result of a direct attack.<\/span><\/p>\n

In fact, on September 27, the main part of the Armenian press was closed for a short time. The following sites were listed, for example:<\/span><\/p>\n

http:\/\/1in.am<\/a><\/p>\n

http:\/\/a1plus.am<\/a><\/p>\n

http:\/\/armenpress.am<\/a><\/p>\n

http:\/\/armtimes.com<\/a><\/p>\n

http:\/\/blognews.am<\/a><\/p>\n

http:\/\/hetq.am<\/a><\/p>\n

http:\/\/mamul.am<\/a><\/p>\n

http:\/\/mediamax.am<\/a><\/p>\n

http:\/\/news.am<\/a><\/p>\n

http:\/\/zhamanak.com<\/a><\/p>\n

In general, dozens of Armenian news websites have been hacked during the last ten years. Most of them were targeted by Azerbaijani and Turkish hacker groups.<\/span><\/p>\n

Journalists are also targeted. Again, the main recorded cases are related to Azerbaijani hackers. However, most of the cases speak about the fact that the journalists are not a separate target. Hackers carry out mass phishing attacks, in which journalists are also victims.<\/span><\/p>\n

However, cases of targeted attacks are also known. Most of them are not made public, which makes it impossible to have accurate statistics.<\/span><\/p>\n

Thus, at the end of 2020, the report \u201c<\/span>Russia hackers pursued Putin foes, not just US Democrats<\/span><\/a>\u201d appeared, this time it was published by the Associated Press. And again, this would mean that you have to spend on these processes. And it becomes clear again that in the list of large-scale cyber attacks, which was carried out in the territory of a large number of countries at once, there are also Armenians.<\/span><\/p>\n

According to the presented quantitative list, there were 41 targets from Armenia.<\/span><\/p>\n

\"\"

\u201cRussia hackers pursued Putin foes, not just US Democrats” report<\/span><\/i><\/p><\/div>\n

The list of Armenian victims of the attacks has not been published, it is only known that in 2015, <\/span>during the protests in Electric Yerevan, EVN Report editor Maria Titizian was attacked<\/span><\/a>.<\/span><\/p>\n

According to our data, among those 41 people, there are journalists, as well as political scientists and analysts, all of whom can be described as more pro-Western.<\/span><\/p>\n

Internal data known to CyberHUB-AM, allow us to say that the targeted attacks on Armenian journalists and media outlets, of course, are not mass, but they are much larger than it is made public.<\/span><\/p>\n

And there are more and more cases when one can suspect state-sponsored groups.<\/span><\/p>\n

The increase in the activity of internal political attacks is also obvious.<\/span><\/p>\n

Samvel Martirosyan<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"

The media in Armenia have been the target of cyber attacks for years. Since the beginning of the 2000s, media outlets have been hacked by Azerbaijani groups. Until the 2010s, Turkish hacker groups also carried out active attacks, mainly conditioning them on Genocide-related topics: every April 24 or in any country in parallel with raising Read the full article…<\/a><\/p>\n","protected":false},"author":3,"featured_media":26374,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"ngg_post_thumbnail":0,"footnotes":""},"categories":[16],"tags":[],"class_list":["post-26417","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-critique","author_posts-samvel-martirosyan"],"acf":[],"_links":{"self":[{"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/posts\/26417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/comments?post=26417"}],"version-history":[{"count":1,"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/posts\/26417\/revisions"}],"predecessor-version":[{"id":26418,"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/posts\/26417\/revisions\/26418"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/media\/26374"}],"wp:attachment":[{"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/media?parent=26417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/categories?post=26417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/media.am\/en\/wp-json\/wp\/v2\/tags?post=26417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}