How should the media respond to Iran’s continued cyberattacks – analysis

As Iran-linked groups target Israeli institutions, the media is helping humiliate Israel and strike fear into its citizens

By James Spiro, CTech

This weekend news broke in Israel that Iranian-backed hacker group Black Shadow has hacked a local web hosting company, Cyberserve, resulting in a slow drip of leaked personal information from an LGBT-friendly dating app called Atraf. As a result, thousands of closeted gay men and women may have their lives and livelihoods at risk as sensitive information is posted on the dark web. At the time of writing, only one percent has been released according to Black Shadow, which has also claimed to hold information from the Kavim bus company and the Pegasus tourism company.

“What’s unique about these attacks is that they’re not motivated by commercial interests. They’re not extorting to get some financial gain… They’re actually more aimed at harming the organization, they’re more aimed at humiliating the organizations or trying to create as much disruption or inconvenience with the attacked organization by targeting sensitive data,” explained Dr. Nimrod Kozlovski, Founding-Partner, Cytactic, Cyber Crisis Management.

Kozlovski refers to the “pandemic of attacks” that have hit Israeli soil in recent months. This week’s attack comes soon after Shirbit had its data stolen – widely considered to be one of the worst cyberattacks in Israeli history. It appears that as the attacks continue to hit Israel, the hackers’ primary mission is to disrupt organizations, scare citizens, and humiliate the nation. A recent report by Acronis highlighted that more than one-third of Israeli companies have witnessed cyberattack attempts at least once a week.

“Normally when we speak about cyberattackers we differentiate between commercially-driven attackers, hacktivists, those trying to hack organizations in order to demonstrate some social protest, and between state-driven attackers who are more for intelligence gathering or different cyber warfare,” Kozlovski continued.

“Here we see cyberattackers that seem to be associated with potential enemies but not a state actor. It seems to be groups of attackers targeting Israeli targets in order to create a noticeable impact.”

And impact it did create. While companies scramble to recover their customers’ data and fix their reputations, stories often go viral on social media of how Iranian, Russian, or Chinese-linked groups spread terror and humiliation through cyberattacks. Whereas before journalists had to go looking for the truth as companies entered damage control and suppressed the true damage, hackers can now easily share their work directly with the media who can communicate with them on the Dark Web or on platforms like Telegram.

“These attackers are smart enough and trying to make the story as interesting and as juicy for the journalists in order for the journalists to magnify the story and take it to the traditional media. Journalists need to be advised that now they are being part of this attack plan. They’re part of the plan because the attack is planned around creating PR damage or creating media impact and by taking these stories from the Telegram channels, they are echoing the story and creating the harm that the attackers aim for,” Kozlovski told CTech, who was at that moment deciding whether or not to publish this story at all.

As far as ‘juicy’ stories go, the Iranian-backed hack that affected an LGBT-friendly dating app would perfectly align with the current culture wars being felt around the world. As Israel and Iran continue their tic-for-tac battle in cyberspace, it is undeniable that this attack on Israel’s more progressive aspect of society is more newsworthy than traditional attacks on insurance companies or healthcare systems. There is suddenly a dilemma for Israeli media who refuse to give the hackers the attention they crave while remaining an honest arbiter of news and information relating to the welfare of citizens impacted by attacks.

Still, if local news didn’t report on the country’s problems, then it wouldn’t prevent a historically hostile international press from picking up the story.

“I don’t think that individual journalists would decide that they’re not taking these pieces of information. But altogether the journalists are creating the impact that the hackers wanted to create. Israeli journalists are not the only ones telling the story, the Iranian attackers are trying to sell the story as wide as possible and if it’s not posted in Israel it would be posted by British or other magazines that look at it as an interesting phenomenon.”

And so, the battle goes on.

While Kozlovski urges some reforms, such as redrafting the Israeli Privacy Protection Law to include broader protections of private information or longer limitations on what kind of data organizations can collect, he still urges citizens to be aware of the personal and sensitive data that is shared with companies. Like Atraf who uses a 3rd party web service to store its data, the next hack could be moments away. It is therefore the responsibility of the media to raise awareness of such attacks and help companies and individuals secure their privacy in the future.

“Given the new line of attack by hackers that are not motivated by financial gain but are motivated by the damage they can create with sensitive information, I think even organizations that were traditionally not thinking of themselves as digital… need to start thinking of themselves as potential targets of a cyberattack and therefore need to evaluate how to prepare for such a thing,” he concluded (and CTech reported).

Cyber securityIranian hackersmedia