Browse > Home /

#Tip: Remember how to spot and defend against cyber attacks


As this Scribd story by Jonathan Stray tells us, “journalism is a high risk professions”.

“Even if you’re not working on a sensitive story,” says the assistant adjunct professor at Columbia Journalism School, “you are a target.”

Threat Modeling: Planning digital security for your story‘ is an important document for journalists everywhere in recognising and protecting themselves against from hacking attempts and learning to protect documents that could incriminate sources. As well as highlighting instances when the AP and Washington Post were successfully hacked, Stray gives case studies, exercises and resources that help journalists understand security better.

You may just be working on a feature about cupcakes, but if only one journalist at a news organisation is working on a sensitive story then the whole organisation becomes a target. At the very least, this could lead to the story getting blown but it could also mean a source gets arrested or, worse still, killed.

Tags: , , , , ,

Similar posts:

#Tip: Learn how to encrypt your emails

August 27th, 2013 | No Comments | Posted by in Top tips for journalists


Our emails are not nearly as secure as we would like to believe. This had been suspected by many before the recent and continuing revelations from Edward Snowden, Glenn Greenwald, Alan Rusbridger et al. but it should now be common knowledge that every email we send can be viewed by third parties and security services.

So Alan Henry has put together a guide over at Lifehacker on how, with a little time and patience, you can learn to encrypt your emails. This is obviously not necessary for any kind of “Hi Mum” or “look at this cat” type of correspondence but having the relevant know-how could be vital if a source reaches out and wants to share encrypted information with you. Besides, Glenn Greenwald almost lost the NSA story because he ignored Snowden’s instructions on how to encrypt their communication.

If you have a tip you would like to submit to us at email us using this link.
Tags: , , , , , ,

Similar posts:

#Tip: ‘You can’t hack a notebook’

July 1st, 2013 | No Comments | Posted by in Top tips for journalists
Image by Moyan_Bren on Flickr. Some rights reserved

Image by Moyan_Bren on Flickr. Some rights reserved

We recently publishing two features with security advice for journalists: one on Twitter security, the other on computer security.

We also published a podcast in which investigative journalist Lyra McKee said that it is worth remembering that anyone who is eager to find details on you sources may be able to hack a computer but that “you can’t hack a notebook”.

Poynter has published ‘six ways journalists can keep their reporting materials private & off-the-record‘.

There were a number of security tools shared at the Nicar conference in February. Chrys Wu has noted them in this article on her blog.

• Burner iPhone app creates disposable phone numbers
• Tools for hiding an IP address:
– Anonymizer ($80)
– Privoxy
– BeHidden
– Anonymous
– IxQuick
• Orbot provides Tor proxying on Android phones
• Silent Circle encrypted communication app for iPhone and Android

Tags: ,

Similar posts:

#Tip: Beware of this consistently successful phishing hack

June 12th, 2013 | No Comments | Posted by in Top tips for journalists


The Guardian, Associated Press and the Onion have all been hacked in recent months by a group calling themselves the Syrian Electronic Army, using a sophisticated but easily believable phishing technique.

Then, last week, the Financial Times announced that the SEA had claimed its scalp as well, followed by this blog post from FT Labs co-founder Andrew Betts on how it happened and lessons learned. Some wise words on staying wary of and vigilant against unsolicited emails.

Tags: , , , ,

Similar posts:

#Podcast: Online security advice for journalists

Image by Moyan_Bren on Flickr. Some rights reserved

Image by Moyan_Bren on Flickr. Some rights reserved

This podcast looks at how to secure your computer to protect both yourself and your sources.

Security experts and an investigative journalist outline the dangers and offer solutions.

They explain how journalists can communicate securely by email, safely store information on a computer, and they share advice on preventing a Twitter account hack.

Sarah Marshall, technology editor at, speaks to:

  • Lyra McKee, investigative journalist and founder of The Muckraker, an investigative news blog for Northern Ireland
  • Brian Honan, an independent security consultant at BH Consulting
  • Daniel Cuthbert, chief operating officer at information security firm Sensepost

You can hear future podcasts by signing up to the iTunes podcast feed.

You might like to read this guide on ‘how not to get your Twitter account hacked‘. It has advice from Daniel Cuthbert.


Tags: , , , , , ,

Similar posts:

#Tip of the day from – digital security advice for reporters

August 28th, 2012 | No Comments | Posted by in Top tips for journalists

On the website for the Knowledge Bridge project, former Guardian and BBC journalist and editor Kevin Anderson outlines several tips for journalists on keeping their digital activities secure, such as on email, social media or browsers.

Anderson joined Media Development Loan Fund (MDLF) earlier this year and works on the Knowledge Bridge project which aims to help news organisations to “make the digital transition”.

His “common sense” tips also include advice on how to keep your mobile phone safe.

See the post here.

Tipster: Rachel McAthy

If you have a tip you would like to submit to us at email us using this link.

Tags: , , ,

Similar posts:

How not to get your Twitter account hacked

July 28th, 2011 | 1 Comment | Posted by in Social media and blogging

Twitter has issued advice on keeping your account secure.

It follows a recent case of the Fox News politics Twitter account being hacked.

Hacking is rare, according to Twitter’s blog, but phishing, when a spam message ask for your password, is relatively common.

Here are some recommendations from Twitter.

  • Use a strong password with at least 10 characters and a combination of letters, numbers and other characters for your Twitter account. And use a unique password for each website you use (email, banking, etc.); that way, if one account gets compromised, the rest are safe. A personal email account that is compromised is the second most likely way an intruder gains access to Twitter accounts.
  • Use HTTPS for improved security on Twitter. This is the same encryption technology that allows you to safely make payments online. Learn how to do this here.
  • We recommend linking your phone to your Twitter account. Doing this could save your account if you lose control of your personal email and/or password. Here’s how to do it.
  • If you think your account has been compromised, visit our help page for compromised accounts to find out how to fix it quickly.

For advice on protecting your phone, see’s How not to get your phone hacked blog.

Tags: , ,

Similar posts:

How not to get your phone hacked

July 14th, 2011 | 3 Comments | Posted by in Mobile

In the wake of the News of the World phone-hacking scandal some major news organisations have sent out emails to journalists and other members of staff advising them to protect their phone against hacking.

As this blog post by mobile phone security expert David Rogers points out, hacking is a misnomer. What went on at News of the World was “illicit access to voicemail messages”.

Rogers’ post points out various methods that could have been used to do this. Here are ways to keep your voicemail secure. Okay, so it is unlikely that journalists will be voicemail-hacking in the future but conmen and women may now have ideas.

How hacking took place:

1. By using default PINs

Mobile phone voicemail boxes are set up so they do not require a PIN or use one of several default codes which can be worked out by a two minute internet search.

Solution: You’ll need to set up a PIN by following the advice from your phone company. There are step-by-step instructions on how to do this for Vodafone, O2, Orange, and T Mobile. A quick search will help you if you are with an alternative carrier.

You can also set up or change your voicemail password on your handset. (On an iPhone this is found in settings / phone / change voicemail password.)

2. By using default PINs and remote access

Rogers explains in his post:

Operators often provide an external number through which you can call to access your voicemail remotely.

This was one of the mechanisms allegedly used by the News of the World ‘phone hackers’ to get access to people’s voicemails without their knowledge.

Solution: Find out the remote access number for your voicemail from your phone provider and set up a PIN using the links above.

3. By calling your own phone

When you want to access your voicemail remotely you can do so by calling your own phone number and interrupting the voicemail message by pressing *.

Rogers points out:

Claims about the voicemail hacking scandal say that one journalist would call up a celebrity to engage the phone while another would then go into the voicemail using this method.

Solution: Set up a PIN using the links above.

There is more advice and a more detailed explanation on how voicemail hacking took place at this link.

This Mashable post on how to protect your phone is also worth reading, particularly if you are an Android user.

Image by John Karakatsanis on Flickr. Some rights reserved.

Tags: , , ,

Similar posts:

Leaked US military video boosts donations to Wikileaks

April 8th, 2010 | No Comments | Posted by in Press freedom and ethics

Whistleblowing website Wikileaks has received more than £150,000 in donations since Monday, when it published a leaked US military video of the killing of 12 civilians – including two Reuters staff – in Iraq in 2007. According to the Wikileaks site, the project requires $600,000 a year to run.

The video has been hailed as a turning point for the controversial site (see this Wired article from 2009), which uses a network of volunteers to release information and promises full confidentiality for its sources.

As the Editors Weblog summarises:

Many news outlets might find themselves in a love-hate relationship with the news outlet. Wikileaks is situated at an important spot within the news industry as the only place willing to publish stories others can’t or wont. The website can function as a voice capable of breaking high profile scandals news outlets don’t want to break.

While Wikileaks acts as an important watchdog against corruption, the sometimes-paranoid tone of the site might undermine the website’s value while making it a target for criticism. To an extent, Wikileaks has every right to indulge in their paranoia. Several democratic governments around the world, all of whom have laws protecting free speech, have passed or discussed creating new laws which block the public’s access to the website. Just last night, the UK passed the digital economy bill, which contains a clause that could be used to justify blocking Wikileaks. The site is also blacklisted in Denmark and Australia.

Democracy Now is claiming videos it has obtained feature eyewitness accounts of the 2007 attack from the day after event; while international media organisations have called for a fresh investigation of the incident by the US military.

Tags: , , , , ,

Similar posts: Regional press agency leaks thousands of telephone numbers

August 14th, 2009 | No Comments | Posted by in Editors' pick, Online Journalism

A leak in the security system of Dutch regional press agency GPD meant thousands of phone numbers for public figures were openly accessible.

Other personal information was also available via a Google search.

Full story at this link…

Original story by (in Dutch).

Tags: , , , ,

Similar posts:

© Mousetrap Media Ltd. Theme: modified version of Statement