Being able to protect yourself, and your sources, is essential to journalism. Protecting your source is one of the most fundamental parts of being a journalist. Sadly, protecting sources is harder than ever with so many digital vulnerabilities for bad actors to exploit, and compounded by constant attacks on journalists from all sides.
Secure communication apps for journalists protect them from domestic spying by competitors and adversaries, as well as from those looking to exploit their data or even silence them for speaking out against corrupt regimes. This use case will look at real examples of why journalists need secure messaging as part of their toolkit, and how SKY ECC fits into the picture.
Secure communication apps for journalists
Digital attacks against apps for journalists are bad and getting worse. These statistics paint a troubling picture:
- Russian hackers attacked 200+ journalists in 2015—50 of which were American.
- 21 of the world’s top 25 news outlets have been targeted by hackers.
- 1,400+ journalists and activists in India were targeted on WhatsApp alone.
- Nine Mexican journalists were targeted this year, one was killed and his wife and colleagues became targets next.
- The “0-Click” attack took over the email of at least one journalist in Europe, giving the hacker full control of their device via the iPhone’s Mail app.
Both the Indian and Mexican journalists were attacked with Pegasus, a nasty bit of spyware targeting iPhones.
This sophisticated malware allows attackers to take control of targeted phones’ in every way from tracing locations, to reading messages and listening to phone calls. Every aspect of how a journalist works through their phone can be compromised by this malware.
Russian hacking of bad apps for journalists
Russia has long been an adversary of free speech. This includes attacking their own journalists, as well as those in America and elsewhere. One hack among hundreds was carried out against famed Russian journalist Pavel Lobkov. Here’s the story:
- Pavel has had many issues with authority in Russia ever since discovering he was gay as a teenager. He was sent for unsuccessful conversion therapy.
- In 2003, he found out he was HIV positive. Doctors refused to treat him.
- March 2015, while working as a journalist for an independent news outlet, he clicked on a phishing email link which compromised his online accounts.
- December 2, 2015 he came out on-air as HIV positive in hopes of sparking public discussion and reducing stigma.
- Days later, over 300 pages of his personal Facebook messages were published online.
This was done to discredit him as he tried to change the conversation on HIV and gay men in Russia, which the Russian government is against.
American journalist Masha Gessen was also targeted in these attacks. After authoring a book on Russian President Putin, Gessen kept noticing people speaking loudly in Russian on phones at meetings that had been added to her Gmail calendar—a classic intimidation tactic. Over 200 journalists faced similar attacks to Pavol and Masha by the Fancy Bear group.
How SKY ECC would have helped
Phishing emails are common attacks aimed at journalists and other prominent people. They usually come masked as you need to reauthorize or login into an account—often with the ironic tactic that the account has been hacked. When the link is clicked either malware is installed or the victim’s username and password are captured by attackers.
In Pavel’s case his Facebook Messenger history was compromised. Here’s how if Pavel had used SKY ECC—the most secure chat app for journalists—to chat with friends and sources the attack couldn’t have happened in the first place:
- To read SKY ECC messages you physically need the device in your hand. You can only have your SKY ECC ID active on one device at a time—there is no way hackers could access his account and Pavel a) not know about it and b) get any useful data from previous chats. Pavel’s leak of private messages wouldn’t have happened with SKY ECC.
- Messages only last for up to 7 days, and are never stored on a server, preventing old messages from ever coming back to be used against you.
- Phishing link clicks are prevented by blocking unknown contacts from sending messages.
- If a journalist is tricked into adding an unknown contact who sends a phishing message, any link in a message is unlikely to work—SKY ECC devices can only access Sky-owned websites.
- Masha’s calendar could have been secured within SKY ECC’s vault as an editable note to herself, preventing it from being spied on.
Journalists, and their sources, are incredibly vulnerable to hacking with their digital tracks seeming to be private until a skilled hacker applies themselves to the problem. SKY ECC is one of the most essential apps for journalists in high-risk environments as it will protect your career, your sources, those you’re close to, and maybe even your country.
The fallout from the attack
Years later, Pavel still feels traumatized by the leak of his personal messages, with untold damage done to his credibility and personal life. The 200 other journalists attacked in this campaign no doubt have similar feelings.
Journalists were the third biggest victims of hacking in this attack by the Russian Fancy Bear group, behind diplomatic personnel and US Democratic party members. Journalists must start taking steps to protect their professional, as well as personal, communications before they’re attacked.
No one can assume consumer or popular communications apps—especially those made by surveillance-heavy social media companies—are secure or able to protect your privacy. Your newsroom needs an advanced tool like SKY ECC.