Reporters often targeted by Russian hackers
List backs up American intelligence conclusions
Russian hackers pursued journalists with the same gusto as when they went after U.S. politicians and intelligence figures, an Associated Press investigation has found.
The espionage group known as Fancy Bear tried to break into Gmail inboxes of at least 200 reporters, publishers and bloggers as early as mid-2014 and as recently as a few months ago, according to an analysis of data supplied by the cybersecurity firm Secureworks and interviews with more than 40 journalists. The list provides a kind of map of the media outlets that regularly draw the Kremlin’s ire.
“These are journalists that bother them,” said Natalia Gevorkyan, a Russian columnist who reviewed the data. Gevorkyan, the author of a book on Russian intelligence, said the hacking campaign appeared geared to collecting private emails, “which they can use as leverage for later.”
The list provides new evidence for the U.S. intelligence community’s conclusion that Fancy Bear — which Secureworks calls Iron Twilight — acted on behalf of the Russian government when it intervened in the U.S. presidential election, a charge the Kremlin denies. It also provides a kind of Who’s Who of Russia reporting and independent journalism, covering Washington, Moscow, Ukraine, the Baltics and elsewhere in the post-Soviet sphere. The hackers pursued more journalists than any other group of targets identified by the AP, except for diplomatic personnel and U.S. Democrats.
The list includes roughly 50 foreign correspondents based in Moscow or Russian reporters ranging from bloggers in provincial cities to high-profile Moscow television stars like Ksenia Sobchak, who is mounting a longshot bid for the presidency. The former New York Times Moscow bureau chief, Ellen Barry, was among the targets. Fancy Bear tried to send phishing emails to roughly 50 of Barry’s colleagues at The Times in late 2014, according to two people familiar with the matter. They spoke on condition of anonymity because the information was meant to be confidential. The Times confirmed in a brief statement that its employees received the malicious messages but declined to comment further.
Many Russian journalists who were targeted by the hackers said they had long been taking extra security measures, locking their online accounts down with second passwords and relying on encrypted messaging apps. Fancy Bear target Ekaterina Vinokurova even said she routinely deleted her own emails.
“I understand that my accounts may be hacked at any time,” she said in a telephone interview. “I’m ready for them.”
It’s not just who the hackers tried to spy on that suggests the Russian government was involved. It’s also when.
Maria Titizian, an Armenian journalist, immediately found significance in the date she was targeted: June 26, 2015.
“It was Electric Yerevan,” she said, referring to protests over rising energy bills that she covered. The protests rocked Armenia’s capital that summer and were initially seen by some in Moscow as a threat to Russian influence.
Titizian said her outspoken criticism of the Kremlin’s “colonial attitude” toward Armenia could have made her a target.
Eliot Higgins, whose open source journalism site Bellingcat was targeted repeatedly by Fancy Bear beginning in early 2015, said the phishing attempts seemed to begin “once we started really making strong statements about MH17,” the Malaysian airliner shot out of the sky over eastern Ukraine. Bellingcat played a key role in marshaling the evidence that the plane was destroyed by a Russian missile, Moscow’s denials notwithstanding.