The basics of phishing attacks: What journalists need to know to stay safe

By: Jorge Luis Sierra | 10/27/2016

Unless they cover technology, most journalists probably could not explain exactly how a cyberattack happens. Yet it’s more important than ever, given recent global events, for journalists to understand how repressive governments or other groups are launching these attacks against them.

In order to defend themselves appropriately, journalists need to know how they can defeat attempts to infect their computers and mobile devices.

First, journalists need to have a basic understanding of what kind of digital weaponry governments are purchasing. Attackers are using powerful and expensive technology developed by private companies like Hacking Team, an Italian company that sells software that steals information from mobile phones, including contact lists, SMS messages, documents, photos, audio clips, videos and passwords. Some cyberattack software covertly records what keys are being struck on a keyboard and can extract data before it is encrypted.

Secondly, journalists need to understand how these hacking tools work. Although there are some differences between them, they basically follow the same pattern: the victim is deceived into clicking a link after receiving a message with a hidden spy program.

A cyberattack typically consists of the following phases:

  1. Infection of the user’s device by injecting malicious software. Attackers will try to deceive journalists by sending a message carefully crafted to look legitimate, trying to get the victim to click on a link or open a document that will actually infect their device. There are three ways that an attacker may try to access a journalist’s laptop or phone; in information security lingo, these methods are known as social engineering, exploits and spear phishing.

  2. Once the malicious software is in the device, it gets to work immediately. If the device is an iPhone, the software waits until the phone is connected and syncing with a laptop. The cyberattack software will then override the phone’s software restrictions — a practice known as "jailbreaking" — allowing for the installation of a malicious program that essentially infects the phone.

  3. The malicious software may actually work best if the infected phone, while plugged in and charging, is connected to a WiFi network controlled by the attacker. This way, the victim won’t detect any sudden battery drain that usually results from malicious software at work.

This is how adversaries mounted an attack on Rafael Cabrera, an investigative reporter for Mexican online news site Aristegui Noticias. Cabrera helped report on whether Mexico’s president favored a major government contractor that built a mansion for the president’s family. The so-called "Casa Blanca" scandal eventually became a major embarrassment for the government.

The first attempt against Cabrera was a phishing attack. Cabrera received an innocent-looking text message supposedly sent by UNOTV, a news service that delivers breaking stories via SMS to mobile subscribers. However, hidden in that message was a version of Pegasus, a powerful surveillance tool that can extract text messages, contact lists, calendar events, emails and instant messages from phones. Pegasus can also harness an infected phone’s microphone to record sound and use its camera to take photos.

The messages were a classic example of spear phishing, because they were carefully crafted and personalized, meant to pique Cabrera’s interest and get him to click on a link. "The president’s office will sue those who published the 'Casa Blanca' story," read one. "Due to 'Casa Blanca' story, the president’s office may put reporters in jail — see the names," read the second.

Fortunately, when Cabrera saw these on his cellphone screen, he immediately started worrying that the messages were an attempted cyberattack. He did not click on the links leading to the false news stories.

Editor Carmen Aristegui and reporter Irving Huerta, who both worked on the investigation, also received text messages reading, "My dad died last night, we are devastated, click here to see the funeral home address."

Thanks to their experience and awareness of the risks involved, neither of them clicked on the links contained in the malicious messages.

To learn more on what to do to prevent these attacks — and what to do if you become a victim of spear phishing — click through the slideshow below:

Main image CC-licensed by Flickr via Christopher Schirner.

This post was also published on IJNet, which is produced by ICFJ.

Latest News

Valeriya Yegoshyna: Keeping Eyes on Ukraine

In the face of dire threats to their safety, Ukrainian journalists have put their lives on the line to document the atrocities of Russia’s invasion of their country, and amplify the stories of those most impacted. Among these fearless journalists is 2024 ICFJ Knight International Journalism Award winner Valeriya Yegoshyna, a reporter at Schemes, the investigative project of the Ukrainian service of Radio Free Europe/Radio Liberty. Her reporting has revealed alleged Russian war crimes and corruption in her native Ukraine.

Covering Elections and a New Administration in a Fractured Media Landscape

Maria Ressa joined White House correspondents Peter Baker and Eugene Daniels to reflect on the challenging environment for the journalists who covered the 2024 elections and their aftermath. The panel, led by Kristen Welker, moderator of NBC News’ “Meet the Press,” was part of ICFJ’s 40th Anniversary Tribute to Journalists, held Nov. 14 in Washington, DC.

Highlights from ICFJ's 40th Anniversary Tribute to Journalists

Last night we celebrated the best in journalism globally at ICFJ’s 40th Anniversary Tribute to Journalists in Washington, DC. We recognized our 2024 ICFJ Knight Award winners – three inspiring journalists who have made a mark with their courageous investigative journalism.