Adam K. Levin, CyberScout founder
Charles King, Pund-IT principal analyst
which the government didn’t approve. “More recently, Harvard’s news site was hacked by people who posted jokes about Mark Zuckerberg. Similarly, hackers broke into Qatar’s state news agency and posted pro-Israel stories. These motivations—which range from simple embarrassment to intelligence gathering—wouldn’t be effective for promulgating fake news or promoting systemic mistrust, but if they occurred often enough the site would be effectively discredited.” The risk remains especially as newspapers often get the news before it is technically news. Information that was under embargo or under a non-disclosure agreement would certainly be the holy grail for hackers who understand the value of knowing tomorrow’s news early. “This could include such information as pending mergers, pending government discussions, pending regulations, pending EPA ruling; this list goes on and on,” Levin said. “That information in the wrong hand could move markets or could just as easily result in a war. We have to accept that media outlets are in unique position to do good, or be used an as instrument do bad things if that data is accessed.” Just as there is a concern that anyone with government security clearance could be at risk from blackmail, and that information they know could be compromised the same is true of reporters today. “Reporters could be the target of bribery or extortion, just like anyone else, but what they know could be extremely valuable,” Levin said. “By targeting an individual rather than a newspaper’s servers, hackers could obtain some valuable information.”
Sources in the Crosshairs Beyond the employee and customer information, as editorandpublisher.com
+E+P Feature_Cybersecurtity.indd 35
Julie Posetti with one of her research collaborators Dr. Marcus O’Donnell (Photo by University of Wollongong)
well as other confidential information that a newspaper’s computer network could contain, there is one other truly valued and protected item: the identity of confidential sources. As long as people have been willing to share secrets with reporters, the identity of that source has been guarded often above and beyond the limits of the law. Reporters have literally gone to jail and in some cases died to protect a source. Hackers could change the balance entirely “The era of the fully protected source has long passed, and even if journalists are experts in cyber security they could never guarantee a whistle blower absolute protection anymore,” said Dr. Mark Pearson, professor of journalism and social media at the Griffith Centre for Social and Cultural Research and the Law Futures Centre at Griffith University. “Journalists have an ethical obligation to tell a confidential source that their identity might well be traceable.” Here the greatest weakness may not be social engineering or phishing scams because even if the information is kept off newspaper servers, there are too many other variables in the digital age. “Journalists who travel may have to stop relying on email,” said Sentage Systems’ Nasscimento. “To protect sources might mean face-to-face communication.” That might still not be enough. “The combination of online and phone communications, geolocational metadata, CCTV cameras and the ubiquity of audio and visual recording means that any initial and ongoing communication with endangered sources would need to be totally analog if it were not already on the radar of those who want to know,” Pearson said. While the American NSA comes to mind as one group that seems to be an all-seeing eye, it is hardly the only such agency. Australia’s Federal Police had admitted earlier this year that it had accessed a journalist’s metadata in breach of protocol. OCTOBER 2017 | E & P
| 35
9/19/17 2:35 PM