By Jeremy Wagstaff
SINGAPORE (Reuters) - Twenty-one of the world's top-25 news organizations have been the target of likely state-sponsored hacking attacks, according to research by two Google security engineers.
While many internet users face attacks via email designed to steal personal data, journalists were "massively over-represented" among such targets, said Shane Huntley, a security software engineer at Google.
The attacks were launched by hackers either working for or in support of a government, and were specifically targeting journalists, Huntley and co-author Morgan Marquis-Boire said in interviews. Their paper was presented at a Black Hat hackers conference in Singapore on Friday.
"If you're a journalist or a journalistic organization we will see state-sponsored targeting and we see it happening regardless of region, we see it from all over the world both from where the targets are and where the targets are from," Huntley told Reuters.
Both researchers declined to go into detail about how Google monitors such attacks, but said it "tracks the state actors that attack our users." Recipients of such emails in Google's Gmail service typically receive a warning message.
Security researcher Ashkan Soltani said in an earlier Twitter post that nine of the top-25 news websites use Google for hosted email services. The list is based on traffic volumes measured by Alexa, a web information firm owned by Amazon.com Inc.
California-headquartered Google also owns VirusTotal, a website that analyses files and websites to check for malicious content.
"TIP OF THE ICEBERG"
Several U.S. news organizations have said they have been hacked in the past year, and Forbes, the Financial Times and the New York Times have all succumbed to attacks by the Syrian Electronic Army, a group of pro-government hackers.
Huntley said Chinese hackers recently gained access to a major Western news organization, which he declined to identify, via a fake questionnaire emailed to staff. Most such attacks involve carefully crafted emails carrying malware or directing users to a website crafted to trick them into giving up credentials.
Marquis-Boire said that while such attacks were nothing new, their research showed that the number of attacks on media organizations and journalists that went unreported was significantly higher than those made public.
"This is the tip of the iceberg," he said, noting a year-long spate of attacks on journalists and others interested in human rights in Vietnam, including an Associated Press reporter. The attacks usually involved sending the target an infected email attachment masquerading as a human rights document.
While many of the world's biggest media players have been targeted in these attacks, small news organizations, citizen journalists and bloggers were also targeted, Huntley said, noting hacking attacks on journalists in Morocco and Ethiopia.
The problem, Marquis-Boire said, was that news organizations have been slower than other businesses in recognizing the threat and taking action. "A lot of news organizations are just waking up to this," he said.
Many journalists are now taking individual action to protect their computers and email accounts, he said. "We're seeing a definite upswing of individual journalists who recognize this is important."
(Editing by Ian Geoghegan)