You Can Hack This Headline for $200

Cybercriminals claim to be selling the ability to manipulate media outlets’ articles.

Freshly printed copies of the San Francisco Chronicle run through the printing press at one of the Chronicle's printing facilities in San Francisco on Sept. 20, 2007. (Justin Sullivan/Getty Images)
Freshly printed copies of the San Francisco Chronicle run through the printing press at one of the Chronicle's printing facilities in San Francisco on Sept. 20, 2007. (Justin Sullivan/Getty Images)
Freshly printed copies of the San Francisco Chronicle run through the printing press at one of the Chronicle's printing facilities in San Francisco on Sept. 20, 2007. (Justin Sullivan/Getty Images)

Computer security researchers have recently noticed a disturbing trend in the dark corners of the web: Hackers are increasingly advertising access to the websites of media organizations, offering to sell stolen credentials that would allow the buyer to edit and post articles or plant malware on their websites.

Computer security researchers have recently noticed a disturbing trend in the dark corners of the web: Hackers are increasingly advertising access to the websites of media organizations, offering to sell stolen credentials that would allow the buyer to edit and post articles or plant malware on their websites.

Gaining access to the content management systems of media organizations would potentially give hackers the ability to turn newspapers, wire services, and magazines into unwitting participants in disinformation operations.

“For anyone with a strategic will or the strategic motivation to do that, it is a piece of cake,” said Omer Carmi, a former intelligence analyst for the Israeli armed forces who is now the director of intelligence for Sixgill, a cybersecurity firm. “I only need to have credentials for this forum, $200 dollars in bitcoin, and I can just go in and publish whatever what I want as an article.”

Carmi and his company’s researchers have discovered several offers in recent months for access to news outlets’ sites. One offer was for access to 1,400 U.S. magazines; another was for access to a major news wire, with most of its audience in Southeast Asia.

There is no way to verify that the posts discovered by Carmi are legitimate. And there is little evidence so far that these credentials are being used to publish false or misleading information.

But other cybersecurity firms have discovered similar offers in recent months, and sellers on closed criminal forums trade on their reputation for providing bona fide material. Those closed forums on the dark web act as a giant flea market that hackers use to fence stolen wares, such as bank logins, credit card numbers, or more exotic goods.

One appeal of news sites is that high-traffic pages would offer hackers a way to spread malicious code—such as a cryptocurrency mining script—to many machines. Theoretically, hackers could make a mint if they took over enough computers, but with cryptocurrency prices falling, that’s unlikely, said Andrei Barysevich, the director of advanced collection at the cybersecurity firm Recorded Future. “You really have to infect millions of people to make money,” he said.

With slim pickings in cryptomining, hackers are marketing access to media outlets as a way to spread disinformation.

In early 2018, Barysevich and his colleagues approached a hacker on an online forum who claimed to be selling access to a major news outlet’s content management system. The hacker was asking around $15,000 for the vulnerability, which would allow broad system access, and the price struck Barysevich as high.

In a chat, Recorded Future researchers asked the hacker what the material could be used for. “Well, you could plant fake articles,” the unidentified hacker wrote back.

But researchers point out that major fake articles would likely be quickly disproved, undermining their value.

A subtler way to exploit access to media sites would be to introduce minor changes to an article, said Herb Lin, a cybersecurity scholar at Stanford University.

“I can use this to spread disinformation that at the very least puts the company on the defensive,” Lin said. “You said this, and then you said that. It’s a way of discrediting the media company.”

Media outlets have been frequently targeted by malicious hackers. Last December, supporters of the YouTube personality PewDiePie hacked the Wall Street Journal to post a message encouraging readers to subscribe to his channel.

Hacking news outlets has also been used for straightforward intelligence gathering. Beginning in 2008, Chinese operatives targeted major U.S. news outlets, including the New York Times and the Washington Postin an apparent effort to monitor coverage of China issues.

Hackers with access to media outlets have opened the door to creative ways to make money. In 2013, a group known as the Syrian Electronic Army hacked The Associated Press’s Twitter account and used it to falsely claim that there had been explosions at the White House. The claim sent the stock market tumbling, and anyone who knew the attack was coming could have shorted the market and pocketed a handy profit.

A similar operation could likely be executed with the credentials being sold online today. “Momentary disruptions—if you can predict them—can make you a fair amount of money,” Lin pointed out. Spectacular but fake stories could momentarily rattle markets and open up opportunities.

“It would take 10 or 15 minutes for that stuff to be repudiated,” Lin said. “And I can sell short on that.”

Elias Groll was an assistant editor and staff writer at Foreign Policy from 2013-2019.
Twitter: @eliasgroll

More from Foreign Policy

The USS Nimitz and Japan Maritime Self-Defense Force and South Korean Navy warships sail in formation during a joint naval exercise off the South Korean coast.
The USS Nimitz and Japan Maritime Self-Defense Force and South Korean Navy warships sail in formation during a joint naval exercise off the South Korean coast.

America Is a Heartbeat Away From a War It Could Lose

Global war is neither a theoretical contingency nor the fever dream of hawks and militarists.

A protester waves a Palestinian flag in front of the U.S. Capitol in Washington, during a demonstration calling for a ceasefire in Gaza. People sit and walk on the grass lawn in front of the protester and barricades.
A protester waves a Palestinian flag in front of the U.S. Capitol in Washington, during a demonstration calling for a ceasefire in Gaza. People sit and walk on the grass lawn in front of the protester and barricades.

The West’s Incoherent Critique of Israel’s Gaza Strategy

The reality of fighting Hamas in Gaza makes this war terrible one way or another.

Biden dressed in a dark blue suit walks with his head down past a row of alternating U.S. and Israeli flags.
Biden dressed in a dark blue suit walks with his head down past a row of alternating U.S. and Israeli flags.

Biden Owns the Israel-Palestine Conflict Now

In tying Washington to Israel’s war in Gaza, the U.S. president now shares responsibility for the broader conflict’s fate.

U.S. President Joe Biden is seen in profile as he greets Chinese President Xi Jinping with a handshake. Xi, a 70-year-old man in a dark blue suit, smiles as he takes the hand of Biden, an 80-year-old man who also wears a dark blue suit.
U.S. President Joe Biden is seen in profile as he greets Chinese President Xi Jinping with a handshake. Xi, a 70-year-old man in a dark blue suit, smiles as he takes the hand of Biden, an 80-year-old man who also wears a dark blue suit.

Taiwan’s Room to Maneuver Shrinks as Biden and Xi Meet

As the latest crisis in the straits wraps up, Taipei is on the back foot.