{"id":16751,"date":"2019-11-01T13:10:19","date_gmt":"2019-11-01T21:10:19","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/11\/01\/news-10490\/"},"modified":"2019-11-01T13:10:19","modified_gmt":"2019-11-01T21:10:19","slug":"news-10490","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/11\/01\/news-10490\/","title":{"rendered":"Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press"},"content":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Fri, 01 Nov 2019 20:26:48 +0000<\/strong><\/p>\n<p>When you\u2019re a journalist or work for the press, there may be times when you need to take extra cybersecurity precautions\u2014more so than your Average Joe. Whether a reporter is trying to crowd-source information without revealing their story or operating in a country where freedom of the press is a pipe dream, cybersecurity plays an important role for any journalist producing work online\u2014which is essentially every journalist today.<\/p>\n<p>While the stakes may be a little higher for reporters in war zones, on crime beats, or in political journalism, all writers with public bylines, newscasters, press agents, photographers, and other journalism staff need to consider cybersecurity best practices a priority. Protecting <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/04\/what-is-personal-information-in-legal-terms-it-depends\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"personally identifiable information (opens in a new tab)\">personally identifiable information<\/a>, online accounts, and proprietary data is not just a nice-to-have for journalists. It&#8217;s fundamental to the integrity of their professional reputation\u2014and trust in the press in and of itself.<\/p>\n<p>What happens if a hacker &#8220;outs&#8221; a source whom a journalist promised anonymity? Could that source experience retribution or physical harm? What if a cybercriminal could access national stories and change content to be untrue? Already, <a rel=\"noreferrer noopener\" aria-label=\"misinformation is rampant (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2019\/07\/malaysia-airlines-flight-17-investigation-shows-russian-disinformation-campaigns-have-global-reach\/\" target=\"_blank\">misinformation is rampant<\/a> on the Internet.<\/p>\n<p>If Facebook won&#8217;t ban all-out lies in political ads, it&#8217;s up to our newspapers and publishing outlets to defend the truth. And one way they can better do so is by increasing cybersecurity defenses and awareness.<\/p>\n<h3>Why journalists need cybersecurity<\/h3>\n<p>There are many valid reasons for journalists to better educate themselves on cybersecurity and consider investing in some security tools, but some of the most important are:<\/p>\n<ul>\n<li>Protecting sources&#8217; PII, especially locations, identities, and titles<\/li>\n<li>Hiding from authorities who might be trying to kill a story or force you to reveal a source under penalty of law<\/li>\n<li>Keeping data secure and private if you are asked to turn over a device<\/li>\n<li>Securing communication when you fear eavesdropping, bugging, or other forms of online surveillance<\/li>\n<li>If writing under a pen name or pseudonym, preventing <a rel=\"noreferrer noopener\" aria-label=\"online harassment or doxing (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/how-tos-2\/2019\/10\/how-to-protect-yourself-from-doxing\/\" target=\"_blank\">online harassment or doxing<\/a><\/li>\n<\/ul>\n<p>As any journalist worth her salt knows, if your anonymous sources become public knowledge, no one will want to talk to you, much less reveal confidential information to you, again. There goes your livelihood.<\/p>\n<p>In some countries and under some circumstances, journalists may not want to reveal what they are working on or where they are working on it. Being able to conduct investigations &#8220;off the grid&#8221; is key in these conditions, as is making sure your best-kept secrets and tomorrow&#8217;s scoop aren&#8217;t revealed in data leaked online or easily scraped from an unlocked device.<\/p>\n<p>Communications can be intercepted, no matter which type. Even face-to-face conversations can be overheard or eavesdropped on. But reporters&#8217; juicy interviews may be of particular interest to cybercriminals, especially nation-state actors conducting longtail reconnaissance on high-profile targets. Whether you&#8217;re talking to the local baker for a human interest story or sitting down with the Director of National Security, it is wise to assume you are under surveillance\u2014or could be if you don&#8217;t take precautions.<\/p>\n<p>Unfortunately, many journalists know first-hand how publishing online can invoke Internet ire via commenting trolls and rage-filled Tweetstorms. A thick coat of armor is necessary to withstand the sometimes needlessly cruel and personal feedback; many an online reporter have booked therapist appointments accordingly. But additional cyber defense is necessary to ensure physical protection from harm, as well to shield from harassment and doxing attempts.<\/p>\n<h3>Cybersecurity methods and tools<\/h3>\n<p>Not every journalist needs all of the cybersecurity methods and tools listed below, but they should at least have a basic understanding of what these methods can do for them, and how to apply them when necessary.<\/p>\n<ul>\n<li>Data <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/glossary\/encryption\/\" target=\"_blank\">encryption<\/a><\/li>\n<li>End-to-end encrypted communication (email, chat, videoconferencing)<\/li>\n<li>Deleting metadata<\/li>\n<li>Disabling location services when necessary<\/li>\n<li>Creating secure backups, either <a rel=\"noreferrer noopener\" aria-label=\"to the cloud (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2016\/04\/should-you-store-your-data-in-the-cloud\/\" target=\"_blank\">to the cloud<\/a> or to external hard drives<\/li>\n<li>Private browsing and other online activities<\/li>\n<li>Deleting navigation history and cookies<\/li>\n<li>Using caution when activating IoT devices that may be vulnerable or insecure; for example, don&#8217;t use Alexa to dial an anonymous source<\/li>\n<li>Using a VPN to anonymize Internet traffic<\/li>\n<li>Educating yourself on <a rel=\"noreferrer noopener\" aria-label=\"basic cybersecurity hygiene (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/02\/the-lazy-persons-guide-to-cybersecurity-minimum-effort-for-maximum-protection\/\" target=\"_blank\">basic cybersecurity hygiene<\/a>, and implementing a few technology solutions, including an <a href=\"http:\/\/www.malwarebytes.com\/pricing\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"AV\/anti-malware (opens in a new tab)\">AV\/anti-malware<\/a>, firewall, password manager, 2FA, and updating any software when patches are ready  <\/li>\n<\/ul>\n<p>Data encryption and creating secure backups are closely related. When your device falls into the wrong hands, you don&#8217;t want a criminal to be able to simply exfiltrate all the data you have gathered on it. Encryption can make finding the data hard, or impossible, for those who don&#8217;t have the key. And if you do lose a device, its securely backed-up data can be accessed elsewhere. <\/p>\n<p>Encrypted communication is a bit more challenging. The more sophisticated the method of communication, the harder it seems to render it secure. <\/p>\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2013\/07\/how-to-encrypt-your-email\/\" target=\"_blank\">Encrypting email<\/a> is fairly easy. Many have done it before you and how-to-guides are readily available. Using <a rel=\"noreferrer noopener\" aria-label=\"end-to-end encrypted chat (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/04\/keeping-your-business-and-personal-instant-messages-secure\/\" target=\"_blank\">end-to-end encrypted chat<\/a> is a matter of choosing the right software. Real end-to-end encryption means the information will be encrypted using a secret key rather than in plain text. All you need to do is find a trustworthy app that both parties can use. The same is true for video conferencing software, though it may be harder to find familiar names that also offer end-to-end encryption. <\/p>\n<p>Your location can be given away in more ways than you may realize. It is not only a matter of <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.theverge.com\/2019\/4\/12\/18302306\/android-101-location-tracking-stop-how-to\" target=\"_blank\">turning off location access<\/a> completely. Your local time, IP address, and list of Wi-Fi networks you used can also give someone at least a crude idea of where you are or have been. <\/p>\n<p>When it comes to keeping your location a secret, also remember to delete the navigation history of your car, browser, or other device used to find a physical address. Also make sure that the rental \u201cconnected vehicle\u201d has been reset, so the previous user can\u2019t keep track of you on his phone.<\/p>\n<p>For photographers, it\u2019s also relevant to delete metadata, as it doesn\u2019t always just include technical and descriptive data, but can also contain a GPS location.<\/p>\n<p>While browsing, it pays off to use a <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/privacy-security-world\/2018\/10\/tighten-security-increase-privacy-browser\/\" target=\"_blank\">browser<\/a> that was developed with your privacy in mind, or using a <a rel=\"noreferrer noopener\" aria-label=\"well-vetted plugin or extension (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2019\/09\/browser-guard-combats-privacy-abuse-tracking-clickbait-and-scammers\/\" target=\"_blank\">well-vetted plugin or extension<\/a> that protects privacy. Add a <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/glossary\/vpn\/\" target=\"_blank\">VPN<\/a> to your toolset to hide your true IP. Using a VPN may raise awareness that you are up to something, and not every VPN provider will treat your data with the same respect, so do some digging into their background and track record before you decide which one to use.<\/p>\n<p>Recent articles have made us aware of the fact that some of our <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/03\/googles-nest-fiasco-harms-user-trust-and-invades-their-privacy\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"IoT devices are eavesdropping on us (opens in a new tab)\">IoT devices are eavesdropping on us<\/a>. So, when you are having a private conversation that needs to stay private, check your surroundings for devices that could be listening and make sure they can\u2019t hear or relay your talk.<\/p>\n<p>With all this in mind, don\u2019t forget about basic cybersecurity hygiene and awareness. We can\u2019t say this enough: Keep your software up-to-date, patched, and properly configured. Use an anti-malware solution and at least a basic firewall. Use <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/01\/understanding-the-basics-of-two-factor-authentication\/\" target=\"_blank\">2FA<\/a> authorization where possible, and password lock all your devices. Clear your browser cache and search history.<\/p>\n<p>Another basic principle when you are a public figure and don\u2019t want to be doxed or harassed is a <a rel=\"noreferrer noopener\" aria-label=\"strict social media regime (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/02\/delete-social-media\/\" target=\"_blank\">strict social media regime<\/a>. Consider all that you post public to the world, even if you have a private account. or separate your journalist account from your personal one, with zero links between the two.<\/p>\n<hr class=\"wp-block-separator\"\/>\n<p style=\"text-align:center\"><em>Recommended reading: <a href=\"https:\/\/www.malwarebytes.com\/cybersecurity\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Cybersecurity basics (opens in a new tab)\">Cybersecurity basics<\/a><\/em><\/p>\n<hr class=\"wp-block-separator\"\/>\n<p>If you are not skilled in cybersecurity, do not be ashamed to ask for help setting up your defenses. And know who to contact if anything goes south, even after all your efforts. Also do not assume that your employer is on top of your secure communications: Ask about it.<\/p>\n<h3>Resources for journalists<\/h3>\n<p>This list is not exhaustive, but it gives you an idea of what\u2019s available:<\/p>\n<p>The Assistance Desk of <a href=\"https:\/\/rsf.org\/en\/individual-support\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Reporters Without Borders<\/a> (RSF) provides financial and administrative assistance to professional journalists and citizen-journalists who have been the victims of reprisals because of their reporting.<\/p>\n<p>To report a press freedom violation, you can contact the appropriate Committee to Protect Journalists (CPJ) regional staff. All information is confidential. Contact details per region can be found on the CPJ <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/cpj.org\/emergency-response\/how-to-get-help.php\" target=\"_blank\">website<\/a>.<\/p>\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/totem-project.org\" target=\"_blank\">Totem<\/a> offers digital security training specifically for activists and journalists. It helps them use digital security and privacy tools and tactics more effectively in their work.<\/p>\n<p><a href=\"https:\/\/securityplanner.org\/#\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Citizen Lab\u2019s Security Planner<\/a> aims to improve your online safety with advice from experts. All you need to do is answer a few questions and get personalized online safety recommendations. <\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/how-tos-2\/2019\/11\/cybersecurity-for-journalists-how-to-defeat-threat-actors-and-defend-freedom-of-the-press\/\">Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/how-tos-2\/2019\/11\/cybersecurity-for-journalists-how-to-defeat-threat-actors-and-defend-freedom-of-the-press\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Fri, 01 Nov 2019 20:26:48 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/how-tos-2\/2019\/11\/cybersecurity-for-journalists-how-to-defeat-threat-actors-and-defend-freedom-of-the-press\/' title='Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/11\/shutterstock_769630075.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>When it comes to cybersecurity, journalists need to protect themselves, their sources, and the freedom of the press. Which methods should they use?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/how-tos-2\/\" rel=\"category tag\">How-tos<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/communication\/\" rel=\"tag\">communication<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/data\/\" rel=\"tag\">data<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/eavesdropping\/\" rel=\"tag\">eavesdropping<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/encrypted\/\" rel=\"tag\">encrypted<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/journalists\/\" rel=\"tag\">journalists<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/privacy\/\" rel=\"tag\">privacy<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/security\/\" rel=\"tag\">security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/tracking\/\" rel=\"tag\">tracking<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/how-tos-2\/2019\/11\/cybersecurity-for-journalists-how-to-defeat-threat-actors-and-defend-freedom-of-the-press\/' title='Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/how-tos-2\/2019\/11\/cybersecurity-for-journalists-how-to-defeat-threat-actors-and-defend-freedom-of-the-press\/\">Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[13519,6270,12874,23334,11171,23335,5897,714,11241],"class_list":["post-16751","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-communication","tag-data","tag-eavesdropping","tag-encrypted","tag-how-tos","tag-journalists","tag-privacy","tag-security","tag-tracking"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16751"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16751\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16751"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}