Attacks on Knight Center sites reflect digital dangers

The two websites at the University of Texas at Austin, at first blush, seemed to have been unlikely targets for attack. The Knight Center for Journalism in the Americas and its blog cover news about journalism, press freedom and journalist safety throughout the Western hemisphere, with an emphasis on trends in Latin America. The website of the International Symposium for Online Journalism provides information about meetings and other professional issues. Both websites were shut down for two weeks last month in a targeted cyber-attack.

Attacks targeting news, human rights, and free expression organizations “are very common,” Eva Galperin, global policy analyst at the San Francisco-based Electronic Frontier Foundation, told CPJ. In fact, CPJ’s own website briefly came under attack on February 8, although the hacking did not take the site down. “Many groups encounter such threats on a near-daily basis, and civil society must exercise constant vigilance to protect against these threats,” said Masashi Crete-Nishihata, research manager at the University of Toronto-based Citizen Lab, in an email to CPJ.

The hackers of the two UT websites used a method called cross-site scripting to plant malicious code in the sites’ hosting computers, according to a Knight Center researcher. The university’s information technology researchers tracked the origin of the attacks to IP addresses in Russia. The IT team at UT put the two websites under quarantine while it repaired the damage and addressed vulnerabilities.

The Knight Center deftly moved to other platforms while it addressed the problem. “The malicious cyber-attack was enough to shut our websites down, but not enough to shut us up,” Rosental Alves, founder and director of the Knight Center for Journalism in the Americas, said in a posting. The Knight Center put up two temporary WordPress blogs to keep news and information flowing while the websites were down.

The motive for the attack on the UT websites is not known. In the days and weeks before the attack, the Knight Center’s Americas blog reported on matters such as an attack on a northern Mexican newspaper, a number of newspapers’ opposition to a defamation law in the Dominican Republic, an Ecuador-based non-governmental organization’s protest against the “arbitrary” suspension of its Twitter account by the U.S.-based firm of the same name, and the murder of a radio host in Brazil who spoke out against organized crime.

In the strike against the CPJ website, the attacker exploited a vulnerability in the site’s Movable Type publishing system to install code that redirected visitors to a third-party site capable of downloading malware to computers running Internet Explorer, and then on to Google.com. CPJ spotted and removed the redirect code within seven minutes and, in the aftermath, took a number of measures to harden its system. CPJ’s investigation into the attack, which is continuing, preliminarily traced the attack to a Turkish web server. 

Hackers use a number of tactics, noted Crete-Nishihata of Citizen Lab. A common method is the denial-of-service attack, which prevents a website from functioning normally by overloading its host server with external communications requests. In December 2011, a denial-of-service attack took the Mexican website Ríodoce offline for six days. Ríodoce was one of the few publications in the Mexican state of Sinaloa to cover the narco-traffickers operating with impunity in the region, including the powerful Zetas cartel. Defacement attacks are yet another tactic. An entity called the Iranian Cyber Army has defaced the websites of Iranian opposition activists and journalists.

Perhaps more insidious is the infiltration of computer networks, including email systems. In many dozens of documented cases–affecting such major news organizations as The New York Times, The Washington Post, and The Wall Street Journal–hackers have quietly infiltrated computers to monitor sensitive email and other digital communications. In 2011, technologists at Citizen Lab and other groups revealed that Internet filtering software made by the California-based developer Blue Coat Systems was being used in Syria. The Syrian government is known to be using technology to gather information about activists and citizen journalists. Spyware doesn’t even need to be expensive. A Russian software maker produces effective spyware called BlackShades for just $40.

So what can journalists, human rights defenders, and others do to protect themselves? Education and awareness go a long way toward helping keep individuals and groups safe, both Crete-Nishihata and Galperin told CPJ. Open-source tools such as those offered by Metasploit allow groups to test potential vulnerabilities in their digital systems. Citizen Lab–which focuses on the convergence of digital media, global security, and human rights–offers a number of other simple but important self-protection steps. Vigilance is the first step to staying safe.