What it’s like to be a reporter under cyberattack
On November 10, 2017 by Kenna
ProPublica’s Julia Angwin (previously) is one of the most fearless, effective investigative journalists reporting on technology; last August, she was subjected to brutal, crude, devastating cyberattacks after the publication of an article she worked on that outed tech companies, ad brokers and payment processors for helping extremists “monetize hate,” acting as paymasters for neo-Nazis, the alt-right, and genocidal racists.
Angwin and her colleagues were subjected to “subscription bombs,” in which attackers use bots to sign up their targets for millions of mailing lists (for example, a list to get notified whenever someone replies to a given post on a WordPress blog). The targets are then flooded with millions of subscription confirmation emails, which clog their inboxes and swamp their mailservers. These attacks are particularly effective when directed at organizations like ProPublica, whose independent newsgathering demands that they maintain their own email servers, rather than entrusting their internal communications to better-defended companies like Google.
A few of the big mailing-list providers are voluntarily including an experimental header in their subscription confirmation messages, allowing targets of subscription bombs to automatically filter them, but this is a relatively recent and as-yet narrowly adopted countermeasure.
The email bombs were just part of the attacks on ProPublica, who also faced automated and human-fronted Twitter harassment, death and rape threats, doxing, and similar attacks. They worried they might get “swatted” (when an attacker tricks the local police into thinking that there’s a hostage situation in their target’s home, resulting in the dispatch of a SWAT team, which can have lethal consequences).
Angwin reports that the ProPublica email has returned to normal, but her piece is a wake-up call about an asymmetry on the internet that can be exploited to attack many other people doing good work, including those with even fewer resources than ProPublica.
Jeff wrote a program to automatically email the owners of nearly 500 of the WordPress websites that had been hijacked to send us email. These emails had been sent automatically to confirm that we’d signed up for an account, usually for the purpose of being able to post a comment on a blog. “I’m a reporter with ProPublica, a nonprofit news organization,” Jeff wrote. “Earlier this week, we started receiving thousands [of] emails in our inboxes. After investigating them, we found that someone was signing us up for new accounts on sites like yours.” He asked them to send him any information for the accounts created under our names.
Only a handful of sites responded. One website owner, Raul Silva from Chicago, said he was shocked that his nearly abandoned blog—he only posted once, in 2012—was being used by bots. “Holy crap! There are 2,800 registered users,” Silva wrote to Jeff. “Must be bots using the site as a launch board for spamming and scamming.”
HOW JOURNALISTS FOUGHT BACK AGAINST CRIPPLING EMAIL BOMBS