Threat of the week: local news sites

We've told you how even companies with good IT security can have their networks penetrated if they are doing business with firms that have poor security. It's time to look at the individual version of this. Everyone knows that visiting naughty websites is a great way to infect your computer with a virus. Now you can add local news sites to the list.

That's right; thieves are injecting local news websites with malware that infects visitors' machines. Once on the infected computer, the malware transmits the users' online banking information to a server owned by the criminals. You can guess what happens next.

The attackers find which banks have weak online banking security by scanning a range of IP addresses to see which ones use a specific type of website login that is known to be vulnerable, Jason Rebholz, a consultant with cyber security firm Mandiant, told Killer Apps. (He didn't disclose the specific login.) Then they install a Java exploit onto local media sites in the area that the bank is in so that they can collect information from its likely customers.

The hackers are going after local news stations because, in many cases, they don’t have very good IT security and they have lots of traffic, according to Rebholz.

"They found something local through those scans and they popped it that way," said Rebholz, who notes that this type of malware isn’t limited to news sites; those are just the only cases he has seen. (And of those, he’s seen less than ten cases.) "Judging by what their budget would be for IT security and what I’ve seen in other industries, usually the [smaller businesses] security is an afterthought, it’s not something that they’re going to do right away."

For hackers, "it’s all about going after the low hanging fruit," he added.

As is often the case with security breaches, the news stations may have failed to perform even basic security tasks such as updating their software in time to prevent hackers from taking advantage of known flaws in the software.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.
