'Prepare for war' following cyber attacks

Apr 17, 2016 at 01:30 am by Staff


Publishers are being urged to 'prepare for war' as newspapers face the growing threat of cyber attacks.

Schibsted Sverige CIO Malin Bäcklund recommends that publishers "think as the Romans, 'Si vis pacem, para bellum' ('If you want peace, prepare for war')".

The warning, in a WAN-Ifra public affairs and media policy post, follows attacks last month that took down the main news websites in Sweden. On Saturday evening (March 19) the country's major news websites experienced a massive cyber attack, taking the sites fully or partially offline for several hours.

The attacks used the distributed denial-of-service (DDoS) method, and affected the sites of Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad.

Although it is not clear where the attacks originated, Aftonbladet reported that online traffic analysis indicated that the majority of the traffic came from a network of computers in Russia.

The implications of the attacks go beyond cyber security as news media were their target, raising questions about the possibility of a malicious actor orchestrating a media blackout. The Swedish interior minister Anders Ygeman called the attacks "a deeply worrying attack on the media and free speech".

"To threaten access to news coverage is a threat to democracy", said Jeannette Gustafsdotter, the head of the Swedish Media Publishers' Association.

A DDoS attack, which is the most common way of targeting and crashing a website, is a relatively easy form of cyber attack to execute. In simple terms, the attacker harnesses an army of "zombie" computers, infected by malware, and directs them to simultaneously target specific websites. The aim is to overwhelm the receiving servers and thus take the site down.

As DDoS attacks are somewhat simple to execute compared to most other forms of cyber attack, it's likely that they will also be used more and more in the future in attempts to silence news media. News publishers would therefore do well to reassess their IT security and make sure they have the necessary protections in place.

For Schibsted, the first attack started at about 1930 on Saturday March 19, escalating quickly and eventually reaching traffic levels of over 100 Mbps, causing parts of the ISP infrastructure to crash. Although Aftonbladet was the main target, Svenska Dagbladet and other sites of the company were also affected due to shared resources.

It took several hours to mitigate the consequences and reroute traffic to get the sites back online. A second large attack followed on Thursday March 24, as heavy as the first one; this time, however, the affected sites only went down for a couple of minutes.

Schibsted's Bäcklund says that the company has been continuously strengthening its IT security, specifically its DDoS protection, but the attack was a clear demonstration that the security measures were not sufficient.

"One part of the protection that we had implemented at our internet service provider proved not to work properly during the massive attack," she says.

The company has previous experience of DDoS attacks, but this one was on a much larger scale than what it had faced before, and she underlined the importance of robust stress test processes. "The attack was a real life test from which we have learnt a lot."

In the aftermath, the Swedish media companies have been in contact with each other, Bäcklund says, sharing learnings in order to build stronger protections against future threats. Schibsted is also working with the police, but for security reasons Bäcklund can't comment more about the investigation.

If this is the new reality that news publishers live in, how can they be sure to be prepared? "The best way to prepare for attacks is to secure a continuous work on IT security, and never lean back," Bäcklund says, noting that it's usually easier to get financing for smaller, on-going online security investments than for massive systemic rebuilds.

with WAN-Ifra Public Affairs and Media Policy
