SEA journalists being targeted by hackers, state agencies
By Benjamin Cher November 19, 2015
- Unnamed media firm was targeted by hacker group suspected to be from China
- SEA governments like Malaysia and Singapore known to be using spyware
JOURNALISTS in South-East Asia are being heavily targeted not just by cybercriminals, but also state-sponsored hackers, according to a security report released today by US-based FireEye Inc.
The South-East Asia: Cyber Threat Landscape report, based on a study conducted jointly by FireEye and Singapore Telecommunications Ltd (Singtel), listed the entertainment, media and hospitality industries as the most targeted in the region, accounting for 38% of malware attacks.
The government and public sector come in second at 25%.
READ ALSO: SEA at risk as disputes turn to cyberwar: FireEye
Journalists in particular are heavily targeted, not just by criminals but also by intelligence agencies, according to FireEye’s Asia Pacific chief technology officer Bryce Boland.
“Especially political journalists – they have sources who are meant to be secret, and there are a lot of intelligence agencies which want to know who they are talking to,” he told Digital News Asia (DNA) in Singapore, prior to the release of the report.
Most of these attacks take the form of advanced persistent threats (APTs), which are targeted attacks mean to extract confidential data.
APT groups likely target media companies because of their role in shaping public opinion, the FireEye report said.
In addition, the sponsors of APT groups often seek early warning about reporting that is critical of their government, it added.
In early 2015, FireEye also discovered cyberthreat actors, suspected to be from China, targeting a media firm in Asia.
These attackers attempted to compromise the media firm, which was not named in the report, via a malicious phishing email. The email contained an attachment that deployed a MONKEYTILT backdoor.
“The media company may have been targeted because it had published commentary supportive of an opposition group.
“The cyberthreat group may also have sought information that would help authorities monitor public opinion and gain advanced notice of articles that portrayed the government negatively,” the report said.
Many of the media organisations in South-East Asia are either controlled directly or indirectly, or strictly regulated, by their governments, but there has been an explosive growth of independent media in some countries, mostly on the Internet.
Many of the region’s governments are also known to use less-than-savoury methods to keep an eye on their own citizens.
For example, earlier this year, it was discovered that the Malaysian Government was a customer of the discredited Milan-based company Hacking Team, which develops spyware called Remote Control System (RCS).
The discovery came after Hacking Team was itself hacked, and its business records and corporate email leaked on the Internet.
The Sinar Project, an Internet rights organisation in Malaysia, called for an independent probe into the Malaysian Government’s use of such spyware.
Meanwhile, civil liberties lawyer Syahredzan Johan said that if it was indeed true that the Malaysian Government was spying on its people, “then major violations of our fundamental liberties would have taken place.”
According to leaked Hacking Team documents, another of its customers was the Infocomm Development Authority of Singapore (IDA). However, industry experts there noted that the Singapore Constitution does not grant its citizens a right to privacy.
Other ‘ripe’ targets\
Meanwhile, Boland said the objectives of the attackers vary based on their targets.
“You have to look at motivation,” he said. “Malware is just a tool – if you want to gain access to something, you pick the tools and mode of operation that will be successful for you.”
Hospitality was a key industry being targeted due to the sheer amount of data they have of their customers.
“Every time you go to a hotel, they want a copy of your passport, credit card details and get so much data of you,” Boland said.
“This makes them a great target for criminals who would want credit card information as well as high resolution scans of identity documents, which can be used to create fake documents,” he added.
These fake documents then can be used for real-world criminal activities, from renting out a place to manufacture drugs, to creating a money-laundering bank account, he highlighted.
While it is no surprise that financial services and telecom industries feature on the list, education’s appearance at fifth place on the list might come as a surprise for many.
“It is mostly universities, and there’s a lot of reasons why they get attacked and hacked into,” Boland said.
“One is that people are trying to get access to alter grades and academic records, and you also have nation states like China targeting information about Chinese nationals at foreign universities to understand their affiliations, what they’re doing, etc,” he added.
Intelligence agencies are part of the party as well according to Boland, targeting universities to get access to in-progress research to steal intellectual property.
Case studies in the FireEye report cite mostly China-based threat actors as the attackers against media firms, government organisations and even state-owned banks.
What Malaysia bought from spyware maker Hacking Team
Hacking Team leaks: We’re not out of the woods yet
Malaysia: The velvet glove comes off the iron fist
US spying, and casting the first stone
Journalists, activists and politicians targeted by spyware: Kaspersky Lab
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.