Reuters Hacks Show Cyber Battle Over Information

The Reuters news service fell victim to two cyberattacks in the past week, providing another example of how the digital world can serve as a battleground in political conflict.

On Aug. 3, blogs.reuters.com was compromised and used to publish fake blog posts falsely attributed to Reuters' journalists, forcing Reuters to take the blog down temporarily. Then, two days later, Reuters' Twitter account, @ReutersTech, was hacked and changed to @ReutersME. The account was suspended. Twitter declined to comment on the hack and how it took place, and Reuters would not discuss how it plans to bolster security moving forward to avoid similar attacks.

In both cases, however, whoever was behind the attack was able to post false reports, including a fake interview with Riad al-Assad, head of The Free Syrian Army, in which he was quoted as saying his forces were withdrawing from the Aleppo province after fighting with the government. The hacks add Reuters' name to the list of news organizations that have been hit by hacktivists for various reasons in the past year. In 2011, for example, LulzSec hit the Fox Broadcasting Co.

According to Jamz Yaneza, threat research manager at Trend Micro, news organizations should always be on guard against online disruption and modification.

"While this is true for other ways of reporting news, it should even be more so for its online outlets given the relative ease of which data can so easily be changed instantly," he says. "A news organization’s reputation is at stake when textbook security measures are ignored."

When the Twitter account was compromised, 22 fake Tweets were posted purporting to be from Reuters, including claims that the United States was providing support to Al-Qaeda operatives in Syria.

Though the exact cause of the compromise of blogs.reuters.com has not been disclosed, according to The Wall Street Journal, Mark Jaquith, one of the lead developers of WordPress, said that Reuters had been running an outdated edition of the blogging platform -- version 3.1.1 -- as opposed to the latest version, 3.4.1.

Though the older version has multiple vulnerabilities, Jaquith says the platform includes update notifications and a self-updating feature to help customers stay current with security patches.

"If organizations ignore those notifications and stay on an outdated version, then they put themselves at risk of these sorts of breaches,” he told The Journal.

Regardless of the nature of the vulnerability, however, politically motivated cyberattacks and leaks have continued to grow. In July, for example, WikiLeaks began releasing a massive collection of stolen emails it called the "Syria Files," meant to embarrass both Syria and its opponents.

In a story by Reuters, Hayat Alvi, lecturer in Middle Eastern studies at the U.S. Naval War College, calls cyberattacks the "new reality of modern warfare."

"In war, the greatest casualty is the truth," he tells Reuters. "Each side will try to manipulate information to make their own side look like it is gaining while the other is losing."

"Hacktivism and hacktivists aren’t new -- only the platform and medium has changed," Yaneza says. "The current trend of activity we’ve seen in the past few years is that most activity is centered on the biggest return, and then exit. All activities will depend on the specific target organization and what, to their thinking, will push their agenda." Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.