News and media websites are most likely to be targeted by state-sponsored hackers, says new research by two Google security engineers.
Twenty-one of the world’s top-25 news organizations have been hit by such attacks, with journalists “massively over-represented” among internet users as targets for attacks designed to steal personal data.
Shane Huntley and Morgan Marquis -Boire presented their research at a Black Hat hacker conference in Singapore on Friday, saying that Google actively “tracks the state actors that attack [it’s] users”.
"If you're a journalist or a journalistic organization we will see state-sponsored targeting and we see it happening regardless of region, we see it from all over the world both from where the targets are and where the targets are from," Huntley told Reuters.
The pair of security researchers also said that Chinese hackers had recently gained access to a major Western news organisation by emailing staff members a fake questionnaire that tricked them into giving up their security credentials. The news site in question was not identified.
Marquis-Boire said that the research was nothing new, but that such attacks often went unreported. Hackers usually operate by sending carefully thought-out emails designed to appeal to the target’s specific interests.
It was revealed last year that hackers had targeted dozens of diplomats attending the G20 summit in Paris in 2011, duping victims into clicking on links by promising naked pictures of Carla Bruni, the former first lady of France.
Huntley and Marquis-Boire gave the example of a year-long string of attacks targeting journalist intretseted in human rights issues in Vietnam, with victims usually sent documents masquerading as human rights documents.
“A lot of news organizations are just waking up to this," he said. "We're seeing a definite upswing of individual journalists who recognize this is important."