Newsweek is the latest media institution to get caught up in a series of cyberattacks that have targeted major government, political and media organizations, raising suspicions of links to Russia or other foreign adversaries.
The news magazine sustained a massive distributed denial-of-service (DDoS) attack the day after it published a cover story about Republican presidential candidate Donald Trump’s business activities in the late 1990s. Officials linked to the real estate mogul allegedly spent tens of thousands of dollars to seek out potential new business in Cuba, amid rumors of a change in U.S. policy during the second term of the Clinton administration.
The expenditures would have violated U.S. law, the article suggests, as it was illegal for Americans to spend money in the country due to a boycott of the Castro regime.
Kurt Eichenwald, author of the Newsweek story, tweeted news of the attack.
News: The reason ppl couldnt read #TrumpInCuba piece late yesterday is that hackers launched a major attack on Newsweek after it was posted.
— Kurt Eichenwald (@kurteichenwald) September 30, 2016
Eichenwald later tweeted that numerous IP addresses had been identified, with the main ones coming from Russia.
The New York Times this summer was hit by an attack on its Moscow bureau.
There was no evidence that any of the company’s internal systems, including at the Moscow bureau, had been breached or compromised, Eileen Murphy, SVP of communications, said at the time.
The two attacks are different in that hackers breached The New York Times in search of information, while the Newsweek attack was a DDoS, noted Jon Clay, senior global marketing manager at Trend Micro.
“The similarities are that they are both news organizations,” he told the E-Commerce Times. “We have seen an increase in attacks against these types of organizations over the past year, which may be due to the nature of the world today. Hackers want information they can use to either sell or exploit for profit, and hacktivists want to disrupt their victims’ activities or networks.”
DDoS attacks often involve using compromised devices connected to the Internet — for example, Web cameras or IoT devices — and then flooding the system with targeted communications from them, said Clay.
“More traditionally, the actors have recruited other sympathetic users on the Internet to utilize DDoS tools and then coordinate an attack at a specified time frame,” he pointed out.
DDoS attacks generally fall into three categories — mischief, misdirection or brand damage — noted Kevin O’Brien, president of GreatHorn.
Mischief attacks, known as “lulz,” are essentially digital graffiti — or hackers having fun at the expense of a victim, he told the E-Commerce Times. Brand damage is essentially a form of disrupting a political or corporate brand by taking it offline. Misdirection attacks use the initial hack to divert essential IT staff from a second, more dangerous attack, which usually involves the use of stolen credentials to access more sensitive areas of a target.
“I would not be surprised to find that the Newsweek DDoS attack was motivated by some form of political activism, in response to their OpEd position in world affairs in general and/or Russian influence on the global stage in particular,” O’Brien said.
The jury is still out on whether the Newsweek attack was designed to intimidate the magazine or was a random attack designed primarily to embarrass another major U.S. institution, said Rick Edmonds, media business analyst at the Poynter Institute.
“I’d vote for random mischief, though I am going to have to leave it to the CIA to scope out how coordinated the Russian hacks are and what their purpose is,” he told the E-Commerce Times, noting that the Newsweek attack was “sort of in the Trump spirit of bite back.”