
NSA Hack Update & Attacks on New York Times

Written by Reflare Research Team | Aug 24, 2016 11:38:00 AM

Cyber attacks on newspapers and other journalistic outlets are some of the most dangerous attacks possible, as they have the potential to impact an entire nation’s public opinion just as much as any government document or military secret.

First Published 24th August 2016

All the news that's fit to print.

This week's briefing will be split into two parts.

NSA TAO Hack & Tool Leak Update

While it has been more than a week since the entity calling itself "The Shadow Brokers" first leaked tools and exploits allegedly used by the NSA's TAO unit, no further hard information has emerged.

Rumours, theories and accusations abound, but we cannot establish enough evidence for any of them to be considered trustworthy.

We await the conclusion of the Shadow Brokers' auction, further releases, a governmental response or hard evidence and will update you once such information becomes available.

FBI Investigates Attack on New York Times

The FBI is reportedly investigating several cyber attacks on US news organizations which it believes were carried out by Russian hackers.

So far no successful breaches have been reported.

The reason for this investigation appears to be the New York Times reporting a seemingly unsuccessful cyber attack on its Moscow Office. No further information is available at this point.

Cyber attacks against newspapers fit the pattern of actors attacking soft targets to impact hardened ones, which we have described in detail during this month's briefings. Newspapers impact public opinion and are thus especially valuable targets. If information that has not yet been released, or that has been willfully withheld, can be found in the newspaper's archives, its release by the attackers can cause significant damage to the newspaper's image.

Attackers would also search for evidence of disapproved reporting practices or strong connections to government agencies on the PCs of individual reporters to cause further image damage.

Lastly, newspapers often keep their sources anonymous while information that may be used to identify them is still stored on the internal networks. If such information is stolen, sources may be at risk.

Since most newspapers don't have strong IT security - let alone dedicated IT security staff - the combination of valuable information and relatively weak security makes them very appealing targets for any attacker.

It remains to be seen if the FBI or any of the affected papers themselves will uncover evidence of a successful breach. Even if no evidence is found, a breach may still have occurred.

The only proof positive of a successful hack would be the leaking of sensitive files stolen from a paper. We will continue to monitor the situation for new information.